yes I meant HTTP and I am pretty sure it will make a big difference. Maybe before changing your java code you can inject/test it somehow otherwise, e.g. with a reverse proxy ahead or whatever.
HTH Michael Am 06.05.14 22:46, schrieb Linda Toth: > Hello Michael and Richard > > I was blithely doing my best to ignore the suggestion that I change the > java source. In searching for answers, I did see that solution along with > the META tags, but hoped I could resolve it in the HTML header. Still > doing my best to keep my head in the sand, I read HTTP as HTML (always the > optimist) and convinced myself those were actually javascript invocations > instead of java. > > Oh well > > Linda > > Linda Toth > University of Alaska - Office of Information Technology (OIT) - Identity > and Access Management > 910 Yukon Drive, Suite 103 > Fairbanks, Alaska 99775 > Tel: 907-450-8320 > Fax: 907-450-8381 > [email protected] | www.alaska.edu/oit/ > > > > On Tue, May 6, 2014 at 11:25 AM, Richard Frovarp > <[email protected]>wrote: > >> Those are in the HTML header. The ones Michael lists need to be in the >> HTTP header. That will require changing the source code of your >> applications, or having HTTPD or whatever your webserver is inject them. >> >> >> On 05/06/2014 02:17 PM, Linda Toth wrote: >> >> The META statements I posted are in the header; I thought that would be >> sufficient, but I am more than willing to give this a try! >> >> L >> >> Linda Toth >> University of Alaska - Office of Information Technology (OIT) - Identity >> and Access Management >> 910 Yukon Drive, Suite 103 >> Fairbanks, Alaska 99775 >> Tel: 907-450-8320 >> Fax: 907-450-8381 >> [email protected]??|??www.alaska.edu/oit/ >> >> >> >> On Tue, May 6, 2014 at 10:58 AM, Michael Wechner < >> [email protected]> wrote: >> >>> Try setting the no-cache inside the HTTP header: >>> >>> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? response.setHeader("Cache-Control", >>> "no-cache, >>> >>> no-store, must-revalidate"); // HTTP 1.1. >>> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? response.setHeader("Pragma", "no-cache"); >>> // HTTP 1.0. >>> ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? response.setDateHeader("Expires", 0); // >>> Proxies. >>> >>> >>> HTH >>> >>> Michael >>> >>> Am 06.05.14 20:54, schrieb Linda Toth: >>> > Hello >>>> We clearly posted a notice on our logout page explicitly telling users >>> to >>>> close their browser (or drop the tab) after exiting a client >>> application. >>>> ??We are not seeing users take advantage of that notice and instead have >>>> complaints from the registrar about the caching behavior of browsers. >>> Since >>>> the data is private and violates FERPA in addition to leaving careless >>>> users vulnerable with regard to personal financial details, we are >>> taking >>>> this seriously. >>>> >>>> We have tried applying the following META tags in both the client app >>> pages >>>> and CAS pages to stop the browser caching with absolutely no effect >>>> whatsoever. ??Suggestions? >>>> <meta http-equiv="Cache-control" content="no-cache, no-store, >>>> must-revalidate"/> >>>> >>>> <meta http-equiv="Pragma" content="no-cache" /> >>>> >>>> <meta http-equiv="Expires" content="0" /> >>>> >>>> >>>> Linda Toth >>>> University of Alaska - Office of Information Technology (OIT) - Identity >>>> and Access Management >>>> 910 Yukon Drive, Suite 103 >>>> Fairbanks, Alaska 99775 >>>> Tel: 907-450-8320 >>>> Fax: 907-450-8381 >>>> [email protected] | www.alaska.edu/oit/ >>>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
