An often-overlooked aspect of IIS administration is Web page caching. Sometimes, cached-page content can become a disadvantage to a dynamic Web site, affecting both page-load-time performance and the content that users view. Caching can cause difficult-to-isolate problems when clients try to read recent database updates or use shopping-cart applications. Selected items might disappear from a client's cart, or items previously purchased from another session might suddenly appear in the cart. Site log files might not show a server's actual traffic because a portion—or all—of the page visits are cached.
You have some control over what the system caches and how long content remains in the cache. (For information about basic cache settings in Microsoft Internet Explorer—IE—see the Web sidebar "Caching in IE," which you can access at http://www.windowswebsolutions.com, InstantDoc ID 24271.) However, although the ability to force users into a specific cache setting is beneficial, you can do so only in corporate installations, and users might still alter settings from the browser distribution package (although companies with Windows 2000 deployments can use Group Policies to enforce some control over browser settings). Corporate installations also complicate matters with proxy servers and firewalls. Further, on the Internet, you can't control the browser type and settings that your viewing audience might use.
You need to go beyond such basic caching configurations. To gain more control over what your system caches and what your users view, you can use cache metatags, HTTP headers, Active Server Pages (ASP) code, and cache-buster routines.
Metatags
Metatags are optional informational HTML tags that reside in an HTML document's header section, which appears at the beginning of a document. Typically, an HTML tag identifies a Web page's contents (e.g., page description, keywords for search engines, copyright data). But you can use metatags to control caching behavior.
Although metatags are easy to implement, they're the least effective method of controlling caching. Typically, only the browser cache recognizes and honors metatags. Proxy servers rarely recognize them because the servers don't usually read a page's HTML content but simply cache the page for subsequent client hits.
Figure 1 shows some sample metatags. The "Pragma no-cache" tag prevents caching over Secure Sockets Layer (SSL) connections but doesn't prevent caching on a public or non-SSL connection. The "Expires -1" tag performs identically to a no-cache tag on a nonsecure connection and doesn't prevent caching. The system caches the page but marks the page to expire immediately.
In addition, using the "Pragma no-cache" tag in IE 4.0 is problematic—even over SSL connections—because IE 4.0 doesn't cache a page until 50 percent of the client's 64KB buffer is filled. Because the metatag appears at the top of an HTML page and the browser parses the page from top to bottom, the buffer isn't yet half full when the browser checks for the existence of a cached version of the page. The Microsoft article "'Pragma: No-cache' Tag May Not Prevent Page from Being Cached" (http://support.microsoft.com/default.aspx?scid=kb;en-us;q222064) describes a fix: Place another header section at the end of the HTML page that contains a "Pragma no-cache" header.
In general, however, using the "Pragma no-cache" tag is discouraged because, according to HTTP 1.1 and HTTP 1.0 specifications, this header is defined in the context of a request only—not a response. The "Pragma no-cache" tag is primarily intended for proxy servers and might prevent important requests from reaching the destination Web server. For more information about using HTTP headers to control caching, see the Microsoft article "HOWTO:Prevent Caching in Internet Explorer" (http://support.microsoft.com/default.aspx?scid=kb;en-us;q234067).
HTTP Headers
HTTP headers are more effective and offer more control than metatags. HTTP headers don't appear in the HTML <HEADER> or <BODY> code; rather, the Web server automatically generates HTTP headers (according to configured settings) and sends them before sending the HTML page. The HTTP header is visible to the client browser and all intermediate caches but isn't displayed. Figure 2, page 12, shows an example of a typical HTTP server-response header sent from a server to a client. Figure 3, page 12, shows an example of a client-request header sent to the server.
To control caching, you can use Pragma, Expires, or Cache-Control HTTP server-response headers. The HTTP specification for the Pragma header offers only loose guidelines, so most caches don't recognize this header type.