I edited an object’s permission to Public inside my bucket and then copied the URL to access it in a new tab in my browser and was able to access it which was obvious but then I again edited the permission and just deleted the Public entity and saved. Now when I again refresh that URL in the same browser session I’m still able to access that image but when I try to access it under a new incognito/private session only it is denied access. Still can access that in a new normal(not incognito/private) web session. Can anyone explain why this is happening. Is it because of the browser session cache?
There’s a metadata applied by default to public objects, called
Cache-Control. The default value is
public, max-age=3600, which means your public object will be cached for an hour by browsers since first access.
So despite changing permission back to "non-public", basically what you were trying to access was a cached version of that object available since your first access to it.
If you want no cache on your object so that a permission change is in effect immediately, you need to explicitly define
Cache-Control with value of
no-cache,max-age=0. You can do that via Console or with the command