Re: [rest-discuss] Stateful APIs

  • Eric J. Bowman
    Message 1 of 14 , Jun 3, 2011
      Subbu Allamaraju wrote:
      >
      > Will Hartung wrote:
      >
      > > Having URLs return different representations based on who is logged
      > > in is perfectly acceptable HTTP. We see that all the time with
      > > cookies and what not. But it pretty much eliminates a lot of the
      > > benefits, such as caching. I don't know if proxies cache different
      > > the same URLs based on the authentication header or not. I doubt it.
      >
      > Caches don't maintain infinite number of variations as such a
      > practice usually leads to very poor cache hit ratio. This is not a
      > case of right vs wrong, it is just inefficient from cache operability
      > point of view.
      >

      It depends on the system. If the 'not logged in' use case accounts for
      a significant amount of traffic, the default response can be set to
      cache-control: public, while personalized responses (the 'logged in'
      use case) set cache-control: private.

      So Vary: Authorization should only result in one cached variant on
      public caches. I'm not seeing the caching downside to this approach,
      seeing as how I don't want to publicly cache personalized responses.

      -Eric
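
The public/private split with Vary: Authorization described in the message above, as an added example that is not part of the original thread. It models a simplified shared cache that stores only `public` responses and keys variants on the headers named in `Vary`; the `origin` and `SharedCache` names, the `/home` URL and the request list are constructed for illustration.

```python
# Added example: a simplified shared (public) cache, not a real proxy implementation.
# Assumptions: storage is decided only by Cache-Control public/private, and the
# cache key is the URL plus the request values of the headers named in Vary.

def origin(url, req_headers):
    """Constructed origin: public default response, private personalized one."""
    auth = req_headers.get("Authorization")
    if auth is None:
        return {"Cache-Control": "public, max-age=60", "Vary": "Authorization"}, "generic page"
    return {"Cache-Control": "private", "Vary": "Authorization"}, f"page for {auth}"


class SharedCache:
    def __init__(self):
        self.store = {}   # (url, vary-key) -> body
        self.vary = {}    # url -> header names learned from a stored response's Vary
        self.hits = 0

    def _key(self, url, req_headers):
        names = self.vary.get(url, ())
        return url, tuple((n, req_headers.get(n)) for n in names)

    def fetch(self, url, req_headers):
        key = self._key(url, req_headers)
        if key in self.store:
            self.hits += 1
            return self.store[key]
        resp_headers, body = origin(url, req_headers)
        cc = resp_headers["Cache-Control"].lower().split(",")
        directives = {d.strip().split("=")[0] for d in cc}
        # A shared cache must not store responses marked private.
        if "public" in directives and "private" not in directives:
            vary = resp_headers.get("Vary", "").split(",")
            self.vary[url] = tuple(h.strip() for h in vary if h.strip())
            self.store[self._key(url, req_headers)] = body
        return body


def run_demo():
    cache = SharedCache()
    requests = [{}, {"Authorization": "Basic alice"}, {},
                {"Authorization": "Basic bob"}, {"Authorization": "Basic alice"}, {}]  # constructed
    bodies = [cache.fetch("/home", h) for h in requests]
    return cache, bodies


if __name__ == "__main__":
    cache, bodies = run_demo()
    print(len(cache.store), "stored variant(s);", cache.hits, "hit(s)")
```
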
    • Subbu Allamaraju
      Message 2 of 14 , Jun 3, 2011
        Agreed.

        On Jun 3, 2011, at 12:52 PM, Eric J. Bowman wrote:

        > Subbu Allamaraju wrote:
        >>
        >> Will Hartung wrote:
        >>
        >>> Having URLs return different representations based on who is logged
        >>> in is perfectly acceptable HTTP. We see that all the time with
        >>> cookies and what not. But it pretty much eliminates a lot of the
        >>> benefits, such as caching. I don't know if proxies cache different
        >>> the same URLs based on the authentication header or not. I doubt it.
        >>
        >> Caches don't maintain infinite number of variations as such a
        >> practice usually leads to very poor cache hit ratio. This is not a
        >> case of right vs wrong, it is just inefficient from cache operability
        >> point of view.
        >>
        >
        > It depends on the system. If the 'not logged in' use case accounts for
        > a significant amount of traffic, the default response can be set to
        > cache-control: public, while personalized responses (the 'logged in'
        > use case) set cache-control: private.
        >
        > So Vary: Authorization should only result in one cached variant on
        > public caches. I'm not seeing the caching downside to this approach,
        > seeing as how I don't want to publicly cache personalized responses.
        >
        > -Eric