Hi Ian, couple of things for you to know:
if you want to change the headers served by Tomcat from default behaviour, you'll have to change them yourself, meaning write your own filter. below is a Filter-Example which we've used to add an Expires-Header. It adds the current month + one month, so that the content should be cached in any way: package com.cr.manuals.filter; import java.text.SimpleDateFormat; import java.util.Calendar; import java.util.Date; import java.util.Locale; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; /** * Servlet implementation class for Servlet: HeaderFilter * */ public class HeaderFilter implements javax.servlet.Filter { private static String PARAM_ADD_TO_CURRENT_MONTH = "ADD_TO_CURRENT_MONTH"; private FilterConfig filterConfig = null; private int months2Add = 0; /* (non-Java-doc) * @see javax.servlet.http.HttpServlet#HttpServlet() */ public HeaderFilter() { super(); } /** * init() : init() method called when the filter is instantiated. * This filter is instantiated the first time j_security_check is * invoked for the application (When a protected servlet in the * application is accessed). */ public void init(FilterConfig aFilterConfig) throws ServletException { filterConfig = aFilterConfig; months2Add = Integer.parseInt(filterConfig.getInitParameter(PARAM_ADD_TO_CURRENT_MONTH)); } /** * destroy() : destroy() method called when the filter is taken * out of service. */ public void destroy() { filterConfig = null; } /** * doFilter() : doFilter() method called before the servlet to * which this filteris mapped is invoked. Since this filter is * mapped to j_security_check,this method is called before * j_security_check action is posted. */ public void doFilter(ServletRequest aRequest, ServletResponse aResponse, FilterChain chain) throws java.io.IOException, ServletException { //System.out.println ("******** filter *******"); HttpServletRequest request = (HttpServletRequest)aRequest; HttpServletResponse response = (HttpServletResponse)aResponse; // call next filter in the chain : let j_security_check authenticate // user response.setHeader("Expires", createExpiresHeader(months2Add)); chain.doFilter(request, response); } /** * Create a String in the format EEE, d MMM yyyy HH:mm:ss z" * Example: Fri, 4 Aug 2006 09:07:44 CEST * The value of the init-parama ADD_TO_CURRENT_MONTH is added to the * month-field of the current date * @return */ private String createExpiresHeader(int someMonths2Add) { SimpleDateFormat sdf = new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss z", Locale.US); Calendar cal = Calendar.getInstance(); cal.add(Calendar.MONTH, someMonths2Add); long millis = cal.getTimeInMillis(); Date d = new Date(millis); return sdf.format(d); } } This is a snippedt from the web.xml (you'll have to add it into all your servlets that should use this filter: <?xml version="1.0" encoding="UTF-8"?> <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <servlet> <description></description> <display-name>YourServlet</display-name> <servlet-name>YourServlet</servlet-name> <servlet-class>com.your.company.ServletClass</servlet-class> </servlet> <servlet-mapping> <servlet-name>YourServlet</servlet-name> <url-pattern>/YourServlet</url-pattern> </servlet-mapping> <filter id="Filter_1"> <filter-name>HeaderFilter</filter-name> <filter-class>com.cr.manuals.filter.HeaderFilter</filter-class> <init-param> <param-name>ADD_TO_CURRENT_MONTH</param-name> <param-value>1</param-value> </init-param> </filter> <filter-mapping> <filter-name>HeaderFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app> After compiling your Filter, just put it into the according WEB-INF/lib-directory. However, there's a pitfall: IE sometimes does not care about headers when it comes to caching: This depends on the IE-setting "Empty temporary Internetfolder when browser is closed". Therefore, I reccommend not only to send headers with the response but also set Meta-Information in the genereated HTML (i.e. Meta cache-control no-cache etc.). According to our testing this overwrites the IE-settings. Please also have a look at my post in this mailing-list "Hint: Tomcat, Form-Login and HTTP 408-Error" which gives a little bit more background-info on that. Now coming to your question about 3rd party-apps not being launched by IE when running SSL (such as pdf's): There's a known bug of IE described in the MS Knowledge-base (too lazy too look up the URL for you), howver, there's a workaround: Usually, we send the headers "Connection: Keep-Alive" and "Keep-Alive: timeout=15,max=83 However, when it comes to third-party-components like PDF, we change this via a rule in Apache: We send the header "Connection:close", and it works perfectly. The Apache-rules are in mod_setenvif (mod_setenvif must be activated): # # see http://httpd.apache.org/docs-2.0/mod/mod_setenvif.html # <IfModule mod_setenvif.c> SetEnvIf Request_URI "\.pdf$" object_is_pdf SetEnvIf Request_URI "loginForm.html$" object_is_no_cache SetEnvIf Request_URI "j_security_check$" object_is_no_cache SetEnvIf Request_URI "help_contents.htm$" object_is_no_cache </IfModule> in mod_headers.conf (mod_headers must be activated): <IfModule mod_headers.c> Header unset Pragma Header set Connection: close env=object_is_pdf Header set Cache-Control "public,must-revalidate" Header set Cache-Control "no-store" env=object_is_no_cache </IfModule> Coming to issue 2: Your config looks a bit awkward: Usually, Apache in front, you must not configure Tomcat to run SSL. this is done by Apache. Apache connects to Tomcat via mod_jk. We have this config and do not experience any performance-issue (however, we're running on a "real OS" like Linux ;) Hope that gives you a start Greg -- what's puzzlin' you, is the nature of my game --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]