Mozilla still uses cached pages when using https and no-cache headers

RESOLVED DUPLICATE of bug 162545

Status

()

--
major
RESOLVED DUPLICATE of bug 162545
12 years ago
12 years ago

People

(Reporter: rob.callahan, Unassigned)

Tracking

1.8 Branch
x86
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)
Build Identifier: Mozilla/5.0 Firefox 1.5.0.9

Using https and no-cache header tags, firefox allows you to browse back through secure pages after logging out of a secure session, it should bring back the login page and not the cached history. This allows anyone in a public setting who uses the same browser session to retrieve the previous persons confidential data from the cache.

Reproducible: Always

Steps to Reproduce:
1. Log out of https site
2. hit back button
3.
Actual Results:  
After logout, you should not be able to browse back through secure pages but firefox still allows this even when using the headers 'no-cache'.

Expected Results:  
hitting back button should not reload secure pages.
You should be using no-store, not no-cache if that's what you want.

Updated

12 years ago
Component: Security → Networking: Cache
Product: Firefox → Core
QA Contact: firefox → networking.cache
Version: unspecified → 1.8 Branch

Updated

12 years ago
Group: security
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 162545
(Reporter)

Comment 3

12 years ago
I added the following line:
<META HTTP-EQUIV="cache-control" NAME="cache-control" CONTENT="no-store">
to the following we already have:
<META HTTP-EQUIV="pragma" NAME="cache-control" CONTENT="no-cache">
<META HTTP-EQUIV="cache-control" NAME="cache-control" CONTENT="no-cache">

and it still goes back to cached pages... any ideas?
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---

Comment 4

12 years ago
no-store currently has to be sent as an http header, not as a meta tag.  (That's bug 202896.)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago12 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 162545
You need to log in before you can comment on or make changes to this bug.