Default behaviour with regards to Cache-Control

[Poul-Henning Kamp]

In message <loom.20090212T102450-275 at post.gmane.org>, Ole Laursen writes:
>Poul-Henning Kamp <phk at ...> writes:
>
>> We don't consider varnish a "shared cache" in the RFC2616 sense of
>> the concept, because the varnish instance is fully under the control
>> of the servers administrator, and should therefore be considered
>> part of the server.
>
>As I read that part of the RFC, shared simply means shared between more than one
>user, the key part here is that it's used to signal that it's "intended for only
>one user and not a valid response for requests by other users".

If you look *really* carefully through the RFC2616, you will find one
reference to server side caches -- which they forgot to remove.

In the end, the standards group realized, that a cache under the control
of the web-server owner, is just a web-server that picks up its contents
with HTTP.

The reasons why client-side caches have to be so paranoid and fail back
to "don't cache if confused", is that they have no knowledge or ownership
of the content.

A webserver owner, even if he uses Varnish as his webserver, has knowledge
and ownership, and configuring things correctly is his job.

>When it comes to cookies, Varnish is as default verging on the side of safety in
>by-passing the cache.
>
>Why wouldn't you do the same to private? Principle of least surprise?

Well, if people in general think our defaults should be that way, we
can change them, our defaults are whatever the consensus can agree on.

-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.