Closed Bug 86264 Opened 24 years ago Closed 24 years ago

Content sent with 'Cache-Control: no-store' should _only_ be reused when browsing via history.

Categories

(Core :: Networking: HTTP, defect)

Product:
Core
Component:
Networking: HTTP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX
Milestone:
mozilla1.0

People

(Reporter: darin.moz, Assigned: darin.moz)

Details

Content sent with 'Cache-Control: no-store' should _only_ be reused when browsing via history. We currently attempt to validate the 'no-store' content before reusing, which does not cause problems per-se, but it does seem to violate the intention of the 'Cache-Control: no-store' response header.
Target Milestone: --- → mozilla0.9.3
let me be more specific: i believe that servers expect us to not reuse no-store content, and that servers may use this as a mechanism to require a mandatory reload (not revalidation) of an URL. currently, mozilla will attempt to validate no-store content. BTW: the reason we even bother to cache no-store content is for the purpose of browsing via session history, which RFC2616 explicitly permits.
I'm working on an online application where users log in and can log out, or get loogged out when their session expires. I am using a cache control header to block caching of information so that if their session expires, all subsequent pages do not load (not from the server or from the cache). Currently, the application works as expected both in IE 5.5 and in NN4.x. Is there a standard that I am unaware of that I need to learn more about? the headers I'm sending are as follows. Any help would be greatly appreciated, even if its just being pointed towards required reading. jason fournjm8@juniata.edu header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0
currently, none of those headers would prevent the user from browsing to the page via the Back/Forward buttons. however, any new link clicks that take the user to one of those pages will result in a new server hit. the header "Cache-Control: no-cache" is equivalent to "Cache-Control: must-revalidate". the header "Cache-Control: no-store" just requires that the server response not be cached on disk, but it does not prevent the caching of the data for the purposes of session history (ie. Back/Forward buttons).
Status: NEW → ASSIGNED
Target Milestone: mozilla0.9.3 → mozilla1.0
'Cache-control: no-store' now prevents data from being cached at all. marking this bug as WONTFIX.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.