Hello Michael and Richard I was blithely doing my best to ignore the suggestion that I change the java source. In searching for answers, I did see that solution along with the META tags, but hoped I could resolve it in the HTML header. Still doing my best to keep my head in the sand, I read HTTP as HTML (always the optimist) and convinced myself those were actually javascript invocations instead of java.
Oh well Linda Linda Toth University of Alaska - Office of Information Technology (OIT) - Identity and Access Management 910 Yukon Drive, Suite 103 Fairbanks, Alaska 99775 Tel: 907-450-8320 Fax: 907-450-8381 [email protected] | www.alaska.edu/oit/ On Tue, May 6, 2014 at 11:25 AM, Richard Frovarp <[email protected]>wrote: > Those are in the HTML header. The ones Michael lists need to be in the > HTTP header. That will require changing the source code of your > applications, or having HTTPD or whatever your webserver is inject them. > > > On 05/06/2014 02:17 PM, Linda Toth wrote: > > The META statements I posted are in the header; I thought that would be > sufficient, but I am more than willing to give this a try! > > L > > Linda Toth > University of Alaska - Office of Information Technology (OIT) - Identity > and Access Management > 910 Yukon Drive, Suite 103 > Fairbanks, Alaska 99775 > Tel: 907-450-8320 > Fax: 907-450-8381 > [email protected]??|??www.alaska.edu/oit/ > > > > On Tue, May 6, 2014 at 10:58 AM, Michael Wechner < > [email protected]> wrote: > >> Try setting the no-cache inside the HTTP header: >> >> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? response.setHeader("Cache-Control", >> "no-cache, >> >> no-store, must-revalidate"); // HTTP 1.1. >> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? response.setHeader("Pragma", "no-cache"); >> // HTTP 1.0. >> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? response.setDateHeader("Expires", 0); // >> Proxies. >> >> >> HTH >> >> Michael >> >> Am 06.05.14 20:54, schrieb Linda Toth: >> > Hello >> > >> > We clearly posted a notice on our logout page explicitly telling users >> to >> > close their browser (or drop the tab) after exiting a client >> application. >> > ??We are not seeing users take advantage of that notice and instead have >> >> > complaints from the registrar about the caching behavior of browsers. >> Since >> > the data is private and violates FERPA in addition to leaving careless >> > users vulnerable with regard to personal financial details, we are >> taking >> > this seriously. >> > >> > We have tried applying the following META tags in both the client app >> pages >> > and CAS pages to stop the browser caching with absolutely no effect >> > whatsoever. ??Suggestions? >> >> > >> > <meta http-equiv="Cache-control" content="no-cache, no-store, >> > must-revalidate"/> >> > >> > <meta http-equiv="Pragma" content="no-cache" /> >> > >> > <meta http-equiv="Expires" content="0" /> >> > >> > >> > Linda Toth >> > University of Alaska - Office of Information Technology (OIT) - Identity >> > and Access Management >> > 910 Yukon Drive, Suite 103 >> > Fairbanks, Alaska 99775 >> > Tel: 907-450-8320 >> > Fax: 907-450-8381 >> > [email protected] | www.alaska.edu/oit/ >> > >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
