cache-aware server-push

[kazuho]

To optimize the responsiveness of a website, it is desirable to push assets (e.g. CSS and/or JavaScript files) that block the page rendering process when and only when such files do not already exist within the client's cache. However, the specifications do not define a way to determine whether if a resource is already cached.

This issue proposes of using a cookie containing a probablistic data set as an approximation for determining the cache state of the client, and using it for restricting server-push - i.e. only push the asset files that are unlikely to be cached.

Basic Design

• use a single cookie that stores a Golomb coded set as to mark if the assets are cached
• key for the set will be calculated as key(filename)=sha1(filename + etag(filename))
• for each HTTP2 connection, the server maintains the value of the set
  • the set is initialized as empty
  • when receiving the cookie, the value of the set is set the the received value
  • when starting to send a response, for that response mark the set using a key calculated using the rule above, and send set-cookie header containing the value of the set
  • when application logic triggers a server-push, check if the to-be-pushed content is marked within the set, and if marked, ignore the trigger. If not, push the content to the client at the same time updating the value of the set using the rule above.
• server may also maintain a set that maps all the existing files, and use the set to clear the keys of the incoming set that do not exist (i.e. means that the corresponding file has either been removed or updated), before copying the value to the internally maintained value

By applying this design for restricting server push, the only drawback of using server push will become when the cookie on the client expires before the asset cached in the client's cache expires. In other words, the design will work effectively if such case is unlikely.

Notes

Since HTTP2 multiplexes the HTTP requests over a single stream, it has become possible for the web server to expect in which order the client receives the responses (i.e. we can safely say that: if the client has received the headers of response A, then it must have received the headers of response B that has been sent prior to A). The design takes advantage of the property.

A good read on Golomb coded set is this blogpost. The only issue the doc has is how M of Golomb coded is calculated; theoretically it should use median instead mean value.

[kazuho]

@igrigorik @tatsuhiro-t @summerwind @Jxck You might be interested in this.

[Jxck]

looks so nice ! but I wanna ask some point of view.

1, using cookie or frame (http1/http2)

cookies used lots of purpose and it has limited to under 4K.
so it seems better to add new semantics to other properties, like new header or so.
in this idea, browser adds cache information to http request, so there are no problem to adding new X- headers.

but I wonder this is adding semantics to http1 or http2.
if adding to http1, that means adding new http header,
but if adding to http2, adding new http2 Frame or setting seems better.

and server push is only for http2. and http1 server could do nothing for receive cached status.
so I think its better to add Frame or settings to http2, instead of adding data to cookies.

2, way to ask client without request

it's just idea, but there are no way to ASK browser this status ?
for example, in case of offline cached application using service worker,
server wanna push content if that's newer than service worker caches.
in that case, server wanna ask cache status without browser request.

3, security consideration

in http1, Etags are used to tracking user.
so I wonder this Idea may increase information for tracking user or not.
(ex, serve different name content to each user every time, and browser sends this information. could server gets the order of page user visited ?)

[kazuho]

@Jxck Thank you for your comments.

1, using cookie or frame (http1/http2)

cookies used lots of purpose and it has limited to under 4K.
so it seems better to add new semantics to other properties, like new header or so.

No. It need not be.

As discussed in the blog post linked above, the theoretical minimum size of a probability data set like Golomb coded set is N * log2(1/P) bits where N is the number of files to be potentially be pushed, and P being the probability of false positive, and Golomb coded set is pretty near to the minimum.

So for example, if you have 100 CSS or JavaScript files on your website (N=100), and want the probability of false positive to be 1%, the size of the coded set is estimated to be slightly above 83 bytes (100 * log2(1/100) bits). Of course we need to encode the value to fit in the characters permitted as HTTP header values, but anyways it is far below the 4K limit.

EDIT. FWIW http://browsercookielimits.squawky.net says that there is no per-domain cookie size limit for Chrome and Firefox. Safari has a stricter limit (8K per domain) and we might be careful on using this feature for the web browser once the new version with HTTP/2 support gets shipped.

2, way to ask client without request

it's just idea, but there are no way to ASK browser this status ?

Not that I am aware of. I doubt if there is such a way considering the fact that we need to include the status as part of the first HTTP request that is sent by the client.

3, security consideration

in http1, Etags are used to tracking user.
so I wonder this Idea may increase information for tracking user or not.

That is a good question.

I believe that this implementation (by using cookies) does not impose any new privacy issues.

As explained, I believe that this feature can be implemented using Cookies. It is also true that this feature must be implemented by using an information not bound to a specific URI (like etag). In other words it does not abuse etag.

[igrigorik]

A few thoughts as I'm reading this:

1. Cookies are per-origin, so each origin would have to replicate such functionality.
2. Many existing "static hosting providers" are "cookieless domains".
3. Having a cookie indicating expected resource TTL does not indicate that the resource is actually in cache; there is no way to traverse the HTTP cache either.

(3) in particular I think might be an issue in practice. We do know that caches get cleared often (although not sure that we have a great understanding of why that is; something we're investigating in Chrome), and that might render all of this not that useful.

FWIW, I think it might be worth exploring a SW-interop story first.. With SW you can manage your own caches and you can append arbitrary headers, which addresses all of the above. The story would then become: drop this SW script on your site and deploy this smart server on the other end, the two of them will talk to each other to figure out how and when resources are updated, when they're pushed, etc.

[kazuho]

@igrigorik Thank you for your comments.

(1) Cookies are per-origin, so each origin would have to replicate such functionality.
(2) Many existing "static hosting providers" are "cookieless domains".

I am considering of implementing this feature within H2O to miminize the users' burden on using the feature.

Once this issue gets implemented, web applications do not need to take care of Cookies. All they need to do is to say I want these assets to be pushed (presumably via the Link header), and the web server (by looking at the Cookie and the etags of the pushed assets) determine whether they should in fact be pushed or cancelled.

(3) in particular I think might be an issue in practice. We do know that caches get cleared often (although not sure that we have a great understanding of why that is; something we're investigating in Chrome), and that might render all of this not that useful.

I agree. I did not know that Chrome has such issues. Thank you for the information.

But all the side effect of such false-positive (i.e. cookies incorrectly says that it is cached) is that it disables the server-push for the file. The client can simply pull the file in such case (which means that it is self-reparing as well).

So even if such case seem to be somewhat common (e.g. 10% of revisiting users suffer from the issue), we can enable server push making 90% of the revisting users and all new users happy, without causing any negative impact on the user-experience of the users that do suffer from the issue.

FWIW, I think it might be worth exploring a SW-interop story first.. With SW you can manage your own caches and you can append arbitrary headers, which addresses all of the above. The story would then become: drop this SW script on your site and deploy this smart server on the other end, the two of them will talk to each other to figure out how and when resources are updated, when they're pushed, etc.

Thank you for the suggestion.

While I agree that using ServiceWorker when possible would give you more precise control, my understanding is that in case of speeding up a web-page load there is a chiken-egg problem.

My understanding is that not until the browser start rendering a webpage it is possible for the ServiceWorker to communicate with the script on that page (and for the webpage to communicate with the ServiceWorker the webpage would need to load certain scripts).

The design described on this issue covers such use cases.

Considering the fact that the approach proposed in this issue is fairly simple, I am thinking that the best way forward would be to implement it first, and learn from it how we can improve.

[igrigorik]

I agree. I did not know that Chrome has such issues. Thank you for the information.

To clarify, it's not just Chrome... same pattern repeats across all browsers: https://code.facebook.com/posts/964122680272229/web-performance-cache-efficiency-exercise/

My understanding is that not until the browser start rendering a webpage it is possible for the ServiceWorker to communicate with the script on that page (and for the webpage to communicate with the ServiceWorker the webpage would need to load certain scripts).

No, once the SW is registered it is woken up the moment the navigation request is made. At this point the SW has full control of whether it wants to dispatch the nav request, serve from cache, etc.. Same logic applies to all subresources as well.

[kazuho]

@igrigorik

To clarify, it's not just Chrome... same pattern repeats across all browsers: https://code.facebook.com/posts/964122680272229/web-performance-cache-efficiency-exercise/

Thank you for the clarification and the link! With the numbers it is possible to estimate how much the benefits of implementing cache-aware server-push would be.

No, once the SW is registered it is woken up the moment the navigation request is made. At this point the SW has full control of whether it wants to dispatch the nav request, serve from cache, etc.. Same logic applies to all subresources as well.

Thank you for the clarification. Looking back to the SW docs, apparently I have missed one of the key aspects of the specification.

Now I agree not only using ServiceWorker is possible but also that it is optimal.

Presumably, we could also push the script file containing the ServiceWorker-related code by detecting the absense of the modifications to the headers done by ServiceWorker.

[kazuho]

The feature should be limited to HTTP2 over TLS (not any HTTP2), since in case of h2c proxies may scramble the response order (pointed out by @tatsuhiro-t).

[kazuho]

I have done some initial tests using a prototype I have built using Firefox, and the fact is that it is hard to guarantee the order in which the cookie in the responses are recognized by the web browser even though we can control the order in which the responses are received by the browser in case of h2.

In other words, it is essential to set the cookie using client-side logic using JavaScript, and I believe that can be done without using ServiceWorker as well (with the exception that you would not be able to remove entries that have been purged from cache).

[igrigorik]

@kazuho can you elaborate on why the order is important? Not sure I understand what the issue is there.

[kazuho]

@igrigorik Of course!

The fundamental requirement of cache-aware server push is that we need to have a fingerprint of what is being cached. And since it is a fingerprint, a single value (essentially a bit-vector) contains information of all the asset files being cached.

Consider we are sending two asset files (named A and B with A being the first and B being the second). Also consider that the corresponding bit within the Bloom filter for A is 1, and for B is 9.

In this case, we would be sending two responses:

# response for A
HTTP/2 200 OK
Set-Cookie: fingerprint=0100000000

[content-of-A]
# response for B
HTTP/2 200 OK
Set-Cookie: fingerprint=0100000001

[content-of-B]

As you can see, at the moment we have sent A, we should only set fingerprint for A (but not B), since B is not delivered yet. And then after sending B then we should set fingerprint to contain both A and B.
(off topic: it would have been desirable to set the cookie in trailer)

The assumption I had was that since h2 is a stream, we could guarantee that the set-cookie headers are recognized by the browser in the order they are sent, under the premise that they are in the same order as they appear in HTML.

But it seems that (at least for Firefox) the expectation seems to have been wrong, it was not always the case that the cookie contained in the last response was processed last.

The fact means that we cannot rely on the server sending Set-Cookie header to set the correct fingerprint; we need to use either XHR or SW and in their callbacks (or promises) update the fingerprint (stored in the cookie) to appropriate value.

[igrigorik]

@kazuho would it be possible to emit just one Set-Cookie per "push block" instead ? From client's perspective the per-resource set-cookie is overhead; you just need to emit one such directive per "push block"... if you know what you need to push on the server ahead of time, seems like that shouldn't be too hard to implement?

[kazuho]

@igrigorik Thank you to you and Patrick for the suggestions at the workshop.

I think I have found a way to work around the issue without using JavaScript.

Until now, I have tried to update the cookie for every asset being sent. But as you pointed out, we could do it other ways.

I am now considering of updating the cookie in the parent stream for all the pushed sub-streams at once. In case of the example I showed, I am thinking of sending the Set-Cookie header associated to the response of index.html.

It is true that such an approach might cause false-positives (i.e. resource that has not been cached might get marked as such if the connection terminates early).

But is that an issue? I do not think so. All what happens in case of having a false-positive is that push does not occur for that asset; it simply gets pulled by the browser.

OTOH this approach is good in the fact that it prevents false-negatives. In case of the original approach that included Set-Cookie headers in the pushed responses, there was a possibility that an asset being pushed does not get marked, when the asset was never used by the web browser.

This would become a real problem when server administrator mis-configures what to push. If an asset that is never actually used (from HTML) gets pushed, in the original approach the Set-Cookie header of the pushed resource will be ignored in case of Firefox (FWIW my understanding is that Chrome recognizes the Set-Cookie header in this case as well), and it may trigger that resource to get pushed every time the user visits the web page (because the cookie with the corresponding bit set never gets recognized).

As said, this drawback in the original approach (BTW thanks to @Jxck for pointing it out on the chat) will disappear if we set the cookie in the parent stream, which to me seems like a really good thing.