I found that it does the following at lines 484-486 in
AuthenticatorBase.java.
sresponse.setHeader("Pragma", "No-cache");
sresponse.setHeader("Cache-Control", "no-cache");
sresponse.setDateHeader("Expires", 1);
I also found that the servlet API seems to provide no way to delete these
headers (short of deleting all the headers by calling reset()) or query to
see what headers are set in the HttpServletResponse object.
Note, doing a setHeader() with the value set to null or "" doesn't delete
the header. If I set them all to null or "", Netscape 4 still doesn't cache
the page like it does when they're not present.
Any ideas?
Also, why is "Expires" being set? I'm assuming "Pragma" is needed for HTTP
1.0 backward compatibility. "Expires" shouldn't be necessary, should it?
IMHO, it should be possible to turn caching back on if you want it on. For
my application, I'm using SSL because I don't want the authentication
information getting sniffed, the rest of the network traffic I don't care
about much and I don't care if it gets cached. It seems like a Cache-Control
setting of "no-store" would work better (as far as I know, this means it's
OK to cache the pages in volatile memory, just not nonvolatile memory).
Jon
----- Original Message -----
From: "Jonathan Eric Miller" <[EMAIL PROTECTED]>
To: "Remy Maucherat" <[EMAIL PROTECTED]>; "Tomcat Users List"
<[EMAIL PROTECTED]>
Sent: Friday, February 15, 2002 11:35 AM
Subject: Re: Did the default HTTP expires header change in Tomcat?
> Thanks. Is there a way that I can override this behavior and revert back
to
> the old behavior? I'm guessing that you're using a HTTP header to do this?
> I'm guessing that I can use HttpServletResponse.setHeader() to override
it?
> Is it the "expires" header, or something else? What value is it setting
now,
> and what was the original value?
>
> Jon
>
> ----- Original Message -----
> From: "Remy Maucherat" <[EMAIL PROTECTED]>
> To: "Tomcat Users List" <[EMAIL PROTECTED]>; "Jonathan Eric
> Miller" <[EMAIL PROTECTED]>
> Sent: Thursday, February 14, 2002 6:26 PM
> Subject: Re: Did the default HTTP expires header change in Tomcat?
>
>
> > > Yeah, I just tried my application in 4.0.1 and it doesn't expire.
> > Something
> > > seems to have changed in 4.0.2.
> >
> > Yes, the content which is protected through a security constraint is
> marked
> > as non cacheable (which fixes a security problem where a proxy would
cache
> > the pages).
> >
> > Remy
> >
>
>
> --
> To unsubscribe: <mailto:[EMAIL PROTECTED]>
> For additional commands: <mailto:[EMAIL PROTECTED]>
> Troubles with the list: <mailto:[EMAIL PROTECTED]>
>
--
To unsubscribe: <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>
