Closed
Bug 176014
Opened 22 years ago
Closed 22 years ago
HTTP/1.0 Pragma: no-cache ignored when javascript:back() or "Back"
Categories
(Core :: Networking: Cache, defect)
Tracking
()
VERIFIED
INVALID
People
(Reporter: shom, Assigned: gordon)
References
Details
on Linux trunk 2002-10-22-04
HTTP/1.0
Pragma: no-cache
is ignored when use "Back" button or "javascript:back()".
When use href, the page is reloaded.
tested on Tomcat-3.2.4 with jsps below.
----------------------------------------------------- expire.jsp
<% response.setDateHeader("Date", System.currentTimeMillis()); %><%
%><% response.setDateHeader("Expires", 0); %><%
%><% response.setHeader("Pragma", "no-cache"); %><%
%><% response.setHeader("Cache-Control", "no-cache"); %><%
%><%@page contentType="text/html" %><%@page import="java.util.*" %>
<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="Thu, 01 Jan 1970 00:00:00 GMT">
<meta http-equiv="Cache-Control" content="no-cache">
</head>
<body>
<%= new Date() %><br>
<form action="expire2.jsp"><input type=submit></form>
</body>
</html>
-----------------------------------------------------
----------------------------------------------------- expire2.jsp
<html>
<body>
OK
<a href="expire.jsp">back</a>
<a href="javascript:back()">back2</a>
</body>
</html>
-----------------------------------------------------
Comment 1•22 years ago
|
||
no-cache does not apply to session history navigation; the RFC is very explicit
about that.
If your content is sensitive and you want to prevent malicious attackers from
using "back" to get to it, use "no-store"...
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → INVALID
Comment 3•19 years ago
|
||
*** Bug 302707 has been marked as a duplicate of this bug. ***
You need to log in
before you can comment on or make changes to this bug.
Description
•