locked
Azure strips http cache-control headers when responding via HTTPS RRS feed

  • Question

  • I have an ASP.Net MVC application (social site) that I just migrated to all-https.  It runs as an azure cloud service (Web Role - Windows Server 2012 R2).  

    Some of the dynamic pages have no user-specific content and can be considered "public" in terms of cache-control.  Obviously there can't be proxy cacheing of https-delivered content, but it could be conditionally cached on both the server and the client.   

    Unfortunately my carefully crafted cache-control and last-modified http headers are being stripped and replaced with "cache-control: private" when the response is via https on Azure.   The headers are dispatched normally when responding via http (on azure),  or on IIS express on my local dev machine (both http or https).

    It seems that Azure/IIS is trying to be "smart" by forcing client-only private cache of all https-delivered content, and causing me grief. 

    Is this an Azure IIS configuration item?  I have googled til the cows come home, and came up empty.
    Friday, January 2, 2015 2:02 AM

Answers

  • OK here is what was happening, for posterity.

    For whatever reason, the ASP.NET pipeline behaved slightly differently for the Azure site with https.

    ASP.NET was generating a session ID cookie (ASP.NET_SessionID) without my even using any session/tempdata data.   This would apparently result in the suppression of my cacheing header directives (since presumably ASP.NET does not want to permanently cache any content if it includes a private session ID cookie?).   Then the session ID cookie was not even sent to the client, since there was no session data being used!

    Removing the unnecessary session ID cookie at the time of setting the cacheing directives solved my issue.  Hope this helps someone down the road...
    Saturday, January 3, 2015 1:30 AM

All replies

  • Hi,

    please try to set cache-control in azure cloud service start-up tasks, refer to http://msdn.microsoft.com/en-us/library/azure/gg456327.aspx for more information about start-up task, and have a look at how to define cache client: http://www.iis.net/configreference/system.webserver/staticcontent/clientcache

    Regards

    • Proposed as answer by PerspectaMarc Friday, July 15, 2016 10:36 AM
    Friday, January 2, 2015 9:18 AM
  • To clarify, the above issues I am having with http headers being stripped are for dynamic content generated by asp.net Mvc,  and NOT for static content.  The cache-control and last-modified headers I am (trying to) set programatically are also dynamic and vary according to the page, database update time, etc.
    Friday, January 2, 2015 2:31 PM
  • OK here is what was happening, for posterity.

    For whatever reason, the ASP.NET pipeline behaved slightly differently for the Azure site with https.

    ASP.NET was generating a session ID cookie (ASP.NET_SessionID) without my even using any session/tempdata data.   This would apparently result in the suppression of my cacheing header directives (since presumably ASP.NET does not want to permanently cache any content if it includes a private session ID cookie?).   Then the session ID cookie was not even sent to the client, since there was no session data being used!

    Removing the unnecessary session ID cookie at the time of setting the cacheing directives solved my issue.  Hope this helps someone down the road...
    Saturday, January 3, 2015 1:30 AM
  • Hi Roberto1000,

    Thanks for sharing your solutions and experience here. It will be very beneficial for other community members who have similar questions. If you have any difficulty in future programming, we welcome you to post in forums again.

    Best Regards,
    Jambor


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, January 5, 2015 1:23 AM