Loading ...
Sorry, an error occurred while loading the content.

17563Re: [rest-discuss] Stateful APIs

Expand Messages
  • Subbu Allamaraju
    Jun 3, 2011
    • 0 Attachment
      Agreed.

      On Jun 3, 2011, at 12:52 PM, Eric J. Bowman wrote:

      > Subbu Allamaraju wrote:
      >>
      >> Will Hartung wrote:
      >>
      >>> Having URLs return different representations based on who is logged
      >>> in is perfectly acceptable HTTP. We see that all the time with
      >>> cookies and what not. But it pretty much eliminates a lot of the
      >>> benefits, such as caching. I don't know if proxies cache different
      >>> the same URLs based on the authentication header or not. I doubt it.
      >>
      >> Caches don't maintain infinite number of variations as such a
      >> practice usually leads to very poor cache hit ratio. This is not a
      >> case of right vs wrong, it is just inefficient from cache operability
      >> point of view.
      >>
      >
      > It depends on the system. If the 'not logged in' use case accounts for
      > a significant amount of traffic, the default response can be set to
      > cache-control: public, while personalized responses (the 'logged in'
      > use case) set cache-control: private.
      >
      > So Vary: Authorization should only result in one cached variant on
      > public caches. I'm not seeing the caching downside to this approach,
      > seeing as how I don't want to publicly cache personalized responses.
      >
      > -Eric
    • Show all 14 messages in this topic