Caching Absence
Most caches store values that exist. But a lookup that finds nothing is also a result worth remembering. Negative caching stores the answer not found so repeated requests for a missing key do not hammer the origin again and again.
Why It Matters
Without it, every request for a nonexistent user or a deleted file becomes a full origin lookup that returns nothing. Attackers can exploit this by requesting random missing keys to bypass the cache entirely, a pattern related to cache penetration.
Doing It Safely
- Store a small marker such as a not found sentinel rather than the full payload.
- Use a shorter TTL than positive entries, because a missing key may be created at any moment and you do not want to serve a stale absence for long.
- Combine with a bloom filter so obviously absent keys are rejected before they reach the cache at all.
The balance is real: too long a negative TTL hides newly created data, too short and the protection weakens.
Key idea
Negative caching remembers that a key does not exist, using a short TTL marker to stop repeated origin lookups for missing data while limiting how long absence is served.