ARR cache header with cookieRSS

4 replies

Last post Mar 05, 2020 06:29 AM by Jalpa Panchal

  • ARR cache header with cookie

    Mar 03, 2020 08:08 PM|PDPX|LINK

    Hi,

    I have ARR as a reverse proxy forwarding request to another site on the same server. There are no server side caching rules, just simple forward and forget via rewrite rules.

    I am experiencing issue with "Cache-Control" header.

    The header is forwarded by ARR correctly if there are no cookie headers in the response. However if there is any cookie returned from the site, the ARR always changes the "Cache-Control" to "private".

    The site uses following code to set HTTP header "Cache-control: no-cache, no-store, must-revalidate" to prevent browser caching:

    Response.Cache.SetCacheability(HttpCacheability.NoCache);
    Response.Cache.AppendCacheExtension("no-store, must-revalidate");
    Response.SetCookie(new HttpCookie("test", "aaa"));

    Without ARR the response is as expected:

    HTTP/1.1 200 OK
    Cache-Control: no-cache, no-store, must-revalidate
    Pragma: no-cache
    Content-Type: text/html; charset=utf-8
    Expires: -1
    Set-Cookie: test=aaa; path=/; HttpOnly
    Date: Tue, 03 Mar 2020 19:58:08 GMT
    Content-Length: 19
    

    However the ARR transforms the response and returns instead:

    HTTP/1.1 200 OK
    Cache-Control: private
    Pragma: no-cache
    Content-Type: text/html; charset=utf-8
    Expires: -1
    Set-Cookie: test=aaa; path=/; HttpOnly
    X-Powered-By: ARR/3.0
    Date: Tue, 03 Mar 2020 19:58:34 GMT
    Content-Length: 19
    

    The issue is really the presence of the cookie header. If the cookie is not set, the ARR keeps "Cache-Control: no-cache, no-store, must-revalidate".

    Any idea how this could be solved? Setting max-age does not help, ARR drops it.

    The incorrect cache-control causes issues with browser caching.

    Thanks!

  • Re: ARR cache header with cookie

    Mar 04, 2020 08:05 AM|Jalpa Panchal|LINK

    Hi,

    You could try to set the below code in web.config file:

    <system.webServer>
        <modules runAllManagedModulesForAllRequests="false">
        </modules>
    </system.webServer>

    or

    <configuration>
        <system.webServer>
            <staticContent>
                <clientCache cacheControlMode="DisableCache" />
            </staticContent>
        </system.webServer>
    < /configuration>

    I think you could refer to the follow issue to achieve your goal:

    https://stackoverflow.com/questions/11213637/iis-7-0-iis-adding-private-to-cache-control-where-is-that-coming-from

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
  • Re: ARR cache header with cookie

    Mar 04, 2020 08:20 AM|PDPX|LINK

    Unfortunately the link to Stack overflow is not related to my issue.

    The link deals with general MVC cache headers which in my case are correct. Issue occurs only after processing and rewriting the HTTP headers by ARR.

    As far as I know neither of your code examples affects ARR. It affects only the source web app, which in my case is working properly.

    Any other ideas?

    Thanks.

  • Rovastar Rovastar

    5460 Posts

    MVP

    Moderator

    Re: ARR cache header with cookie

    Mar 05, 2020 06:19 AM|Rovastar|LINK

    I think you are both wrong. ;)

    It is likely that runAllManagedModulesForAllRequests setting but it needs to be set to false and not true.

    I think the Stack overflow article is relevant (and it does say set to false there) and I think you misunderstand the MVC comments there (they were saying they had an app (which happened to run MVC) and for some reason had this setting set to true but it is not needed.

    It has worked before for someone with exactly the same ARR scenerio as you before.

    https://forums.iis.net/t/1226307.aspx?IIS+rewrite+overwrites+Cache+Control+HTTP+header
    So try that. And if that doesn't work run through failed request tracing and see what is setting it to private.
    Troubleshoot IIS in style
    https://www.leansentry.com/
  • Re: ARR cache header with cookie

    Mar 05, 2020 06:29 AM|Jalpa Panchal|LINK

    Yes, you are absolutely right. runAllManagedModulesForAllRequests need to be set to false.

    it's my mistake. I apologize for that.

    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue.
    If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.