building REST API - long header
I'm building an API.. But I think my server sends a quite long header compared to other "APIs"..
HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 19:51:22 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze1
Set-Cookie: PHPSESSID=dv1nrjrd47qurff4u9tn8afa84; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html
Just want to know if there is any disadvantage of that regarding s开发者_Go百科afety?
edit
yay..! now I'm down to this
HTTP/1.1 200 OK
Date: Thu, 30 Jun 2011 20:51:18 GMT
Server: Apache
Content-Length: 0
Connection: close
Content-Type: application/json
There is no appreciable disadvantage in term of permormance to send these extra header to the client. A client should never cache the response returned by a web service call since the client usually is not a browser.
You also start a session (see the PHPSESSID cookie) and if is not useful for the client, simple don't start the session
I usually tend to hide the version of apache and PHP for security reason.
Hide Apache version: ServerTokens PROD in the httpd.conf file
Hide PHP version: expose_php = Off in the php.ini
Restart Apache
精彩评论