DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6709>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6709 Images on protected areas have not "Last modified" header ------- Additional Comments From [EMAIL PROTECTED] 2003-03-26 18:33 ------- There is a flag named disableProxyCaching in AuthenticatorBase.java which when set to false prevents the default behavior of adding no-cache response headers to all constrained resources which are not protected by SSL. The question is: How can I set this flag? PS: It seems to me that the default behavior should apply ONLY to resources that are subject to a security-constraint that specifies an auth-constraint. You could then explicitly specify public resources (i.e., list them in a security-constraint that has no auth-constraint) without preventing browsers and web proxies from caching them. This practice of using a security-constraint for every resource provides a clearer picture of your security model and allows you to use a catchall no-access constraint for the /* URL pattern. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
