Try setting the no-cache inside the HTTP header:
response.setHeader("Cache-Control", "no-cache,
no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.
HTH
Michael
Am 06.05.14 20:54, schrieb Linda Toth:
> Hello
>
> We clearly posted a notice on our logout page explicitly telling users to
> close their browser (or drop the tab) after exiting a client application.
> We are not seeing users take advantage of that notice and instead have
> complaints from the registrar about the caching behavior of browsers. Since
> the data is private and violates FERPA in addition to leaving careless
> users vulnerable with regard to personal financial details, we are taking
> this seriously.
>
> We have tried applying the following META tags in both the client app pages
> and CAS pages to stop the browser caching with absolutely no effect
> whatsoever. Suggestions?
>
> <meta http-equiv="Cache-control" content="no-cache, no-store,
> must-revalidate"/>
>
> <meta http-equiv="Pragma" content="no-cache" />
>
> <meta http-equiv="Expires" content="0" />
>
>
> Linda Toth
> University of Alaska - Office of Information Technology (OIT) - Identity
> and Access Management
> 910 Yukon Drive, Suite 103
> Fairbanks, Alaska 99775
> Tel: 907-450-8320
> Fax: 907-450-8381
> [email protected] | www.alaska.edu/oit/
>
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
