Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
3.0.0
Description
We recently find a issue with Shindig cache. The problem can be happens with the following conditions
1) Client perform a makeRequest call with refresh equals 0.
2) The clock of web resource server is about 1.5 minutes faster than the clock of Shindig server
3) The web resource server returns the resource with Cache-Control header set to no-cache.
When user A perform a makeRequest call to the web resource, it will get the response correctly, and then the second user B performs the same makeRequest call, Shindig returns the cached response. But in fact, it should not, because refresh equals 0 is specified and Cache-Control: no-cache is present in the response.
The reason is beause refresh equals 0 will override the cache-control:no-cache header in response with Cache-Control:public,max-age=0 header. And the next time, the cached response retrieved, the TTL of the cached response will be calculated by Date header. And because of the clock skew (Shindig only fix the time drift larger than 3 minutes), it leaves a time window in which the cached response will be returned, while it should not be.