Peter, I'm using the same cache-control values on my server for the same reason. I'll have to try removing 'no-cache, no-store'. I'm not sure how or if that would affect form submissions. Unfortunately, I'm about to take off for a week and won't have a chance to test until I get back.
FWIW, here's the full IETF RFC for HTTP 1.1: http://www.ietf.org/rfc/rfc2616.txt
The sections relevant to caching begin around page 110. Without reading the whole thing, it appears that it might be possible to replay a form submission by removing the controls (assuming the user is still logged in). I'd be interested to hear what you find out if you test this.

Thanks,
michael

--
michael acadia | [EMAIL PROTECTED]

Peter Legg wrote:
> Michael,
>
> Yes, that's it! I added the following to the application.cfm file recently:
>
> <cfheader name="Expires" value="#GetHttpTimeString(Now())#">
> <cfheader name="Pragma" value="no-cache">
> <cfheader name="cache-control" value="no-cache, no-store, must-revalidate">
>
> I did it primarily to prevent those logged out from using the back button to
> view the previous pages. I removed "no-cache, no-store," from the last one
> and it works fine - still prevents the use of the back button. I guess I may
> still have problems with duplicate form submissions?
>
> Thanks for your help,
>
> Peter
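
Cache headers tell the browser what it may store; they do not stop a client from sending the same POST again, so duplicate or replayed submissions are normally rejected on the server. The following is an added example, not code from either poster: a single-use form token kept in the session. The file names `form.cfm` and `submit.cfm`, the field name `formToken` and the session key are hypothetical, and session management is assumed to be enabled for the application.

```cfml
<!--- Added example, not from the thread. Assumes session management is
      enabled; file, field and session key names are hypothetical. --->

<!--- form.cfm: issue a fresh single-use token each time the form is rendered --->
<cflock scope="session" type="exclusive" timeout="5">
    <cfset session.formToken = CreateUUID()>
</cflock>
<cfoutput>
<form action="submit.cfm" method="post">
    <input type="hidden" name="formToken" value="#session.formToken#">
    <input type="text" name="comment">
    <input type="submit" value="Send">
</form>
</cfoutput>

<!--- submit.cfm: accept the token once, then invalidate it --->
<cfparam name="form.formToken" default="">
<cfset tokenOk = false>
<!--- Exclusive lock so two simultaneous posts cannot both pass the check --->
<cflock scope="session" type="exclusive" timeout="5">
    <cfif StructKeyExists(session, "formToken")
          AND Len(session.formToken)
          AND Compare(form.formToken, session.formToken) EQ 0>
        <cfset tokenOk = true>
        <!--- Consume the token: a resubmitted or replayed POST now fails --->
        <cfset StructDelete(session, "formToken")>
    </cfif>
</cflock>

<cfif NOT tokenOk>
    <!--- Missing, stale or already-used token: refuse and stop processing --->
    <cfheader statuscode="409" statustext="Conflict">
    <cfoutput>This form was already submitted or has expired.</cfoutput>
    <cfabort>
</cfif>

<!--- Token was valid and is now spent: process the submission here --->
```

Because the token lives in the session, a POST replayed after logout fails the `StructKeyExists` check as well, whichever `cache-control` value is in effect.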

