Created attachment 471612 [details] PHP testcase Bug 327790 was RESOLVED INVALID because it was determined that the reporter and bug commenters were using the incorrect HTTP headers to achieve the desired behavior (to stop bfcache from caching a resource). It may be the case that bug 327790 has regressed because it doesn't appear possible to stop a bfcache'd resource from being accessible by going into Offline Mode and refreshing the tab. Darin's caching FAQ  says that bfcache won't serve expired content, which implies that sites should be able to work around the Offline issue by sending an Expires header with a date in the past, but my testing showed that this method doesn't work. A simple way to demonstrate this is to: 1) Login to Facebook 2) Logout of Facebook 3) Hit Back button (stays on login page) 1) Login to Facebook 2) Logout of Facebook 3) Check Offline Mode 4) Hit Back button (displays the cached home.php page) I also attached a simple PHP testcase that I was using when experimenting with various combinations of headers. Someone may find it useful. It would be nice to fix Offline Mode so that no-cache resources are never displayed.  http://www.mozilla.org/projects/netlib/http/http-caching-faq.html
CC'ing a couple of folks who might be able to help route this bug.
This just needs an owner, right?
That would be most excellent.
cc-ing Byron/bjarne in case either can take it at some point fairly soon.
Want to see if bsmith has any thoughts on this one.
no-cache is allowed in the bfcache now even online
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.