274875 - despite being logged out of gmx.de going back in browser history shows content

Status: RESOLVED INCOMPLETE

(Firefox :: Bookmarks & History, defect)

Description

[mhsurfer]

Hi!

After logging out of my eMail account at www.gmx.de I pressed the Back-Button.
FF1.0 shows me all the content I looked at, when I was logged in. Only clicking
on any link shows a page informing me that the session is timed out. But IE
directly shows this timed-out-info-page when going back in browser history...

Perhaps it is my job to clean the browser cache after logging out?! Is it just
'security by obscurity' within IE not showing the content though it is still in
the cache?

thanks!
Martin

Comment 1

[Dave]

> ...I pressed the Back-Button.
> FF1.0 shows me all the content I looked at, when I was logged in. Only clicking
> on any link shows a page informing me that the session is timed out. But IE
> directly shows this timed-out-info-page when going back in browser history...
I sometimes get the feeling that Firefox ignores cache-control headers for the
purposes of session history.  I personally consider this a feature:  being able
to navigate back and forth through every page in my session history without
Firefox trying to reload a page or tell me that the session is timed out. 
Someone has probably reported this behavior already; if I'm correct, it got
wontfixed.  I'll do some searching.

> Perhaps it is my job to clean the browser cache after logging out?!
AFAIK, closing the browser window -- or even just the tab -- in which you were
viewing the website obliterates the session history; you shouldn't have to clear
caches.

Comment 2

[Dave]

See Bug 139541, which sounds to me to be similar to -- if not the same as -- the
issue you report here.  Probably a wontfix.

Comment 3

[Jaime Mitchell (use bugmail@jaimem.org.uk for email)]

Can someone please provide the headers that the site sends.

Comment 4

[Rene L.]

Firefox 1.5 RC2 / Livehttpheaders 0.11 output:

1) After login

HTTP/1.0 200 OK
Date: Mon, 14 Nov 2005 13:35:26 GMT
Server: Apache
Pragma: no-cache, no-cache
Cache-Control: no-cache, no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT, -1
Content-Type: text/html
X-Cache: MISS from xxx
X-Cache-Lookup: MISS xxx
Proxy-Connection: close

2) Normal session content

HTTP/1.0 200 OK
Date: Mon, 14 Nov 2005 13:36:19 GMT
Server: Apache
Cache-Control: no-cache, no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT, -1
Pragma: no-cache, no-cache
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from xxx
X-Cache-Lookup: MISS from xxx
Proxy-Connection: close

3) After logout

HTTP/1.0 200 OK
Date: Mon, 14 Nov 2005 13:36:56 GMT
Server: Apache Coyote/1.0
P3P: policyref="http://www.gmx.net/static/w3c/p3p.xml", CP="CAO DSP COR CUR TAIi PSA PSDi ADM OUR OTR STP UNI FIN STA"
Content-Type: text/html;charset=utf-8
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 11934
X-Cache: MISS from xxx
X-Cache-Lookup: MISS from xxx
Proxy-Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
Expires: -1

4) History Back

HTTP/1.0 200 OK
Date: Mon, 14 Nov 2005 13:36:19 GMT
Server: Apache
Cache-Control: no-cache, no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT, -1
Pragma: no-cache, no-cache
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from xxx
X-Cache-Lookup: MISS from xxx

Comment 5

[Steve England [:stevee]]

Reporter, do you still see this problem with the latest Firefox 2? If not, can you please close this bug as WORKSFORME. Thanks!

Comment 6

[mhsurfer]

It's still the same behaviour with latest FF 2... But maybe it's just because of that site?! 

Comment 7

[Shawn Wilsher :sdwilsh]

Bulk closing all UNCONFIRMED bugs dealing with places that haven't had any bug activity in over 120 days, have no votes, and are not enhancement requests.

If you are still experiencing this issue in Firefox 3.0 or later, please re-open the bug with steps to reproduce (if they were not part of the original comment).