Expiration with the Cache-Control Header

Most of the time, you will use the Cache-Control header, which is used to specify many different cache directives:

1
2
3
4
5
6
7
8

use Symfony\Component\HttpKernel\Attribute\Cache;
// ...

#[Cache(public: true, maxage: 600)]
public function index()
{
    // ...
}

1
2
3
4

// sets the number of seconds after which the response
// should no longer be considered fresh by shared caches
$response->setPublic();
$response->setMaxAge(600);

The Cache-Control header would take on the following format (it may have additional directives):

1

Cache-Control: public, max-age=600

Expiration with the Expires Header

An alternative to the Cache-Control header is Expires. There's no advantage or disadvantage to either.

According to the HTTP specification, "the Expires header field gives the date/time after which the response is considered stale." The Expires header can be set with the expires option of the #[Cache()] attribute or the setExpires() Response method:

1
2
3
4
5
6
7
8

use Symfony\Component\HttpKernel\Attribute\Cache;
// ...

#[Cache(expires: '+600 seconds')]
public function index()
{
    // ...
}

1
2
3
4

$date = new DateTime();
$date->modify('+600 seconds');

$response->setExpires($date);

The resulting HTTP header will look like this:

1

Expires: Thu, 01 Mar 2011 16:00:00 GMT

Note that in HTTP versions before 1.1 the origin server wasn't required to send the Date header. Consequently, the cache (e.g. the browser) might need to rely on the local clock to evaluate the Expires header making the lifetime calculation vulnerable to clock skew. Another limitation of the Expires header is that the specification states that "HTTP/1.1 servers should not send Expires dates more than one year in the future."