开发者

building REST API - long header

I'm building an API.. But I think my server sends a quite long header compared to other "APIs"..

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 19:51:22 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze1
Set-Cookie: PHPSESSID=dv1nrjrd47qurff4u9tn8afa84; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html

Just want to know if there is any disadvantage of that regarding s开发者_Go百科afety?

edit

yay..! now I'm down to this

HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 20:51:18 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: application/json


There is no appreciable disadvantage in term of permormance to send these extra header to the client. A client should never cache the response returned by a web service call since the client usually is not a browser.

You also start a session (see the PHPSESSID cookie) and if is not useful for the client, simple don't start the session

I usually tend to hide the version of apache and PHP for security reason.

Hide Apache version: ServerTokens PROD in the httpd.conf file

Hide PHP version: expose_php = Off in the php.ini

Restart Apache

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜