![M4 MacBook Air Drops to Just $849 - Act Fast! [Lowest Price Ever]](https://www.iclarified.com/images/news/97140/97140/97140-640.jpg)
![Apple Smart Glasses Not Close to Being Ready as Meta Targets 2025 [Gurman]](https://www.iclarified.com/images/news/97139/97139/97139-640.jpg)
![iPadOS 19 May Introduce Menu Bar, iOS 19 to Support External Displays [Rumor]](https://www.iclarified.com/images/news/97137/97137/97137-640.jpg)
_Olekcii_Mach_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![[DEALS] Koofr Cloud Storage: Lifetime Subscription (1TB) (80% off) & Other Deals Up To 98% Off – Offers End Soon!](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
-RTAガチ勢がSwitch2体験会でゼルダのラスボスを撃破して世界初のEDを流してしまう...【ゼルダの伝説ブレスオブザワイルドSwitch2-Edition】-00-06-05.png?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
.jpg?width=1920&height=1920&fit=bounds&quality=70&format=jpg&auto=webp#)
Is there any HTTP Caching mechanism/tools that allow the caching of data for authenticated users within an organisation/segment?
The Cache-Control header basically controls: When some data should be considered fresh/stale Whether the data should be stored in public caches. There are also related caching headers such as Vary which is used to nudge whether two pieces of content should be considered equal for purposes of caching. Not only your browser, but tools like Varnish and CDNs will use these headers to cache responses, prevent a request from having to go to the origin server. What's quite attractive about these tools is that they are somewhat easy to implement, a service just needs to add cache headers and CDNs and caching tools respect the headers. However, this only really seems to work for public data (eg. static assets), as soon as you add the private directive, the tools are going to start ignoring it. There are plenty of scenarios where you might want some kind of caching for authenticated users, for example: There is some kind of image sharing platform, that is for authenticated users only.* Think a tool like Jira, where you might have a thousand users in an organisation, you don't want to have return to the database each time one of them wants to see a list of tickets. *I will note that for static assets you can get private like behaviour by simply assigning each asset a unique, uniterable ID. For example Github does this with images that are attached to issues. It seems to me that at the point that you have authenticated users, any caching behaviour needs to be bespoke and occur in the application layer. Whereas I can imagine a caching tool that does something like the following: For any given request, look for a cookie (or request header) with name 'x', expecting its value to be JWT Validate the JWT against a known public key (optionally, if there were multiple segments) inspect the JWTs contents to determine what segment the user belongs to. Does such tooling exist? If not, is there an obvious reason why this isn't done?
The Cache-Control header basically controls:
- When some data should be considered fresh/stale
- Whether the data should be stored in public caches.
There are also related caching headers such as Vary which is used to nudge whether two pieces of content should be considered equal for purposes of caching.
Not only your browser, but tools like Varnish and CDNs will use these headers to cache responses, prevent a request from having to go to the origin server.
What's quite attractive about these tools is that they are somewhat easy to implement, a service just needs to add cache headers and CDNs and caching tools respect the headers.
However, this only really seems to work for public data (eg. static assets), as soon as you add the private directive, the tools are going to start ignoring it.
There are plenty of scenarios where you might want some kind of caching for authenticated users, for example:
- There is some kind of image sharing platform, that is for authenticated users only.*
- Think a tool like Jira, where you might have a thousand users in an organisation, you don't want to have return to the database each time one of them wants to see a list of tickets.
*I will note that for static assets you can get private like behaviour by simply assigning each asset a unique, uniterable ID. For example Github does this with images that are attached to issues.
It seems to me that at the point that you have authenticated users, any caching behaviour needs to be bespoke and occur in the application layer.
Whereas I can imagine a caching tool that does something like the following:
- For any given request, look for a cookie (or request header) with name 'x', expecting its value to be JWT
- Validate the JWT against a known public key
- (optionally, if there were multiple segments) inspect the JWTs contents to determine what segment the user belongs to.
Does such tooling exist? If not, is there an obvious reason why this isn't done?
![Did I Discover A New Programming Paradigm? [closed]](https://miro.medium.com/v2/resize:fit:1200/format:webp/1*nKR2930riHA4VC7dLwIuxA.gif)
