Can you please describe an example indicating the difference between Public and Private Cache-Control in ASP.NET applications hosted in IIS?

I read in MSDN that the difference is the following:

Public: Sets Cache-Control: public to specify that the response is cacheable by clients and shared (proxy) caches.

Private: Default value. Sets Cache-Control: private to specify that the response is cacheable only on the client and not by shared (proxy server) caches.

I am not sure I have completely understood the pros and cons of each choice. An example for when to or not to use it would be great.

For example, what should I do if I have two web servers hosting the same application? Is there anything to watch out for if I choose Private or Public?

+3  A: 

The only difference is that with Private you are not allowing proxies to cache the data that travels through them. In the end, it all boils down to the data contained in the pages/files you are sending.

For example, your ISP could have an invisible proxy between you and the Internet, that is caching web pages to reduce the amount of bandwidth needed and lower costs. By using cache-control:private, you are specifying that it shouldn't cache the page (but allowing the final user to do so). If you use cache-control: public, you are saying that it's okay for everyone to cache the page, and so the proxy would keep a copy.

As a rule of thumb, if it's something everybody can access (for example, the logo in this page) cache-control: public might be better, because the more people that cache it, the less bandwidth you'll need. If it's something that is related to the connected user (for example, the HTML in this page includes my username, so it won't be useful to anyone else) cache-control: private will be better, as the proxies would be caching data that won't be requested by other users, and they might also be keeping data that you don't want to be kept in servers that you don't trust.

And, of course, everything that is not public should have a private cache. Otherwise the data might be stored in a middle proxy server, where it could be accessed by anyone with access to it.

salgiza
+1 for a great answer
adam
The only difference is that with Private you are **not** allowing proxies to cache... I'm guessing this was a typo. +1 on the answer apart from that. It's worth adding that private does not offer any degree of security, it can still be seen by agents in the middle. It just means that no "honest" agent will give it to someone else instead of a freshly generated response.
Jon Hanna
Fixed! It's funny because I re-read it a few times before posting, but I guess I knew the "not" had to be there, so my mind just added it :D. And yes, +1 to your comment, because it should be noted that, while recommended for user-related data, private won't replace true security (SSL).
salgiza
It's so easy to either write "not" when you shouldn't or omit it when you should. I know a large number of my own self-edits (in different fields) is fixing that same typo.
Jon Hanna
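The behaviour described in the answer, as an added example that is not part of the original thread: a simplified, well-behaved shared proxy cache that stores responses by URL and honours `Cache-Control`, showing what a second user receives when a per-user page is marked `public` versus `private`. The URLs, user names and page bodies are constructed for the illustration.

```python
# Added illustration: a simplified shared (proxy) cache that honours Cache-Control.
# URLs, user names and bodies are constructed sample data.

def parse_cache_control(value):
    """Split a Cache-Control header into a {directive: argument-or-None} dict."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

class SharedCache:
    """Stands in for an ISP or corporate proxy between users and the origin."""
    def __init__(self, origin):
        self.origin = origin   # callable: (url, user) -> (headers, body)
        self.store = {}        # keyed by URL only: the proxy cannot tell users apart

    def may_store(self, headers):
        cc = parse_cache_control(headers.get("Cache-Control", ""))
        # Simplification: a real cache also weighs freshness, Vary and Authorization.
        return not (cc.keys() & {"private", "no-store"})

    def get(self, url, user):
        if url in self.store:
            return self.store[url], "HIT"
        headers, body = self.origin(url, user)
        if self.may_store(headers):
            self.store[url] = body
        return body, "MISS"

def make_origin(account_cacheability):
    """Origin serving a shared logo and a per-user account page."""
    def origin(url, user):
        if url == "/logo.png":
            return {"Cache-Control": "public, max-age=3600"}, "LOGO-BYTES"
        return {"Cache-Control": account_cacheability + ", max-age=60"}, "Hello " + user
    return origin

def second_user_view(account_cacheability):
    """alice loads her account page through the proxy, then bob requests the same URL."""
    proxy = SharedCache(make_origin(account_cacheability))
    proxy.get("/account", "alice")
    return proxy.get("/account", "bob")

if __name__ == "__main__":
    print("public :", second_user_view("public"))   # bob is handed alice's page
    print("private:", second_user_view("private"))  # bob gets a fresh response
```

The cache here is an "honest" one in the sense of the comments above: the `private` directive changes what it stores, not what it can read in transit.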