Closed
Bug 466452
Opened 16 years ago
Closed 12 years ago
How to prevent Firefox 3 from caching
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 441751
People
(Reporter: stefan.ulbrich, Unassigned)
References
Details
(Whiteboard: [sg:dupe 441751])
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4 Hello, i work at a University and have several web applications with which users can display sensitive and confidential information, such as grades. It is important that we prevent someone from walking up to a computer, hitting “Back” a few times, and seeing pages from a session which the previous user logged out of. Yes, I know the previous user should have closed the browser, but we can’t force that, and I am required to do what I can to protect people from themselves. With Firefox 1 and 2, “Cache-control: no-cache” accomplished this goal. I’ve spend the last several hours trying to figure out how to prevent Firefox 3 from caching my pages, with no luck. It completely ignores “Cache-control: no-store, no-cache, must-revalidate”, META-Examples from my Web-Application: <!-- no cache headers --> <META http-equiv="Cache-Control" content=" no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="-1"> <meta http-equiv="no-cache"> <!-- end no cache headers --> Does anybody have any suggestions for how to keep Firefox 3 from caching? The connection is via https, if that matters. Thank you for any suggestions. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Comment 1•16 years ago
|
||
dupe of Bug 441751 ?
Comment 2•16 years ago
|
||
Are you using HTTP headers or only <meta> equivalents?
Reporter | ||
Comment 3•16 years ago
|
||
<html> <head> <META HTTP-EQUIV="REFRESH" CONTENT="500"> <META http-equiv="Cache-Control" content=" no-store, no-cache, must-revalidate, pre-check=0, post-check=0, max-age=0"> <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="-1"> <meta http-equiv="no-cache"> </head> <BODY class="background"> only <meta> equivalents
Comment 4•16 years ago
|
||
Looks like a duplicate to me, but we should revisit once that bug is fixed.
Depends on: CVE-2009-0358
Comment 5•16 years ago
|
||
Stefan: Does this bug need to remain hidden from the public?
Updated•16 years ago
|
Whiteboard: [sg:dupe 441751]
Reporter | ||
Comment 6•16 years ago
|
||
I Have have seen, that is global problem. My Onlinebankingsystem have the same problems with the meta-tags. After log and i hit the back-button - i can see the giro-data from my giro account. which patch for firefox exist, which fixed the bug like in comment 4. Bye Stefan
Comment 7•16 years ago
|
||
You might want to read the bug this one depends on.
Updated•16 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Updated•12 years ago
|
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•