Closed
Bug 369486
Opened 17 years ago
Closed 17 years ago
Mozilla still uses cached pages when using https and no-cache headers
Categories
(Core :: Networking: Cache, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 162545
People
(Reporter: rob.callahan, Unassigned)
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1) Build Identifier: Mozilla/5.0 Firefox 1.5.0.9 Using https and no-cache header tags, firefox allows you to browse back through secure pages after logging out of a secure session, it should bring back the login page and not the cached history. This allows anyone in a public setting who uses the same browser session to retrieve the previous persons confidential data from the cache. Reproducible: Always Steps to Reproduce: 1. Log out of https site 2. hit back button 3. Actual Results: After logout, you should not be able to browse back through secure pages but firefox still allows this even when using the headers 'no-cache'. Expected Results: hitting back button should not reload secure pages.
Comment 1•17 years ago
|
||
You should be using no-store, not no-cache if that's what you want.
Updated•17 years ago
|
Component: Security → Networking: Cache
Product: Firefox → Core
QA Contact: firefox → networking.cache
Version: unspecified → 1.8 Branch
Updated•17 years ago
|
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 3•17 years ago
|
||
I added the following line: <META HTTP-EQUIV="cache-control" NAME="cache-control" CONTENT="no-store"> to the following we already have: <META HTTP-EQUIV="pragma" NAME="cache-control" CONTENT="no-cache"> <META HTTP-EQUIV="cache-control" NAME="cache-control" CONTENT="no-cache"> and it still goes back to cached pages... any ideas?
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Comment 4•17 years ago
|
||
no-store currently has to be sent as an http header, not as a meta tag. (That's bug 202896.)
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago → 17 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•