WebApp Sec mailing list archives
Unable to disable browser caching in Firefox through HTTP headers
From: smith.norton () gmail com
Date: 10 Aug 2006 07:15:15 -0000
I have two pages.

a.php
------
<?php
Header("Pragma: no-cache"); #HTTP 1.0
Header("Cache-control: private, no-cache, no-store");
Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
?>
<html>
<head>
<title>1st Page</title>
</head>
<body>
<p>
This is the first page.<br>
<a href="b.html">Click here</a> to go to the second page.
</p>
</body>
</html>

b.html
------
<html>
<head>
<meta http-equiv="cache-control" content="no-cache">
<title>2nd Page</title>
</head>
<body>
<p>
This is the second page.<br>
</p>
</body>
</html>

Then I try the following steps:-

1. Open http://[mysite]/a.php
2. Click the link on it to go to b.html.
3. Then click on "Work Offline" from the "File" menu of the browser.
4. Hit the back button.

I am expecting that on pressing the back button I shouldn't be able to get a.php since caching was disabled.

When I try the above steps with Internet Explorer, I am unable to get back a.php in "offline" mode. So this is OK.

But, when I try the above steps with Mozilla Firefox, I am able to get back a.php in "offline" mode even though caching was disabled.

Why didn't Mozilla Firefox obey the directives in the HTTP Headers?
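
Added example (not part of the original post): a Python check of what the response headers set by a.php tell an HTTP cache, using the Cache-Control directive meanings from RFC 2616. The function names and the empty header list for b.html are assumptions; the post does not show b.html's response headers.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Headers a.php sets in the post above.
A_PHP_HEADERS = [
    ("Pragma", "no-cache"),
    ("Cache-control", "private, no-cache, no-store"),
    ("Expires", "Mon, 26 Jul 1997 05:00:00 GMT"),
]
# Assumption: b.html is a static file served with no cache headers. Its
# <meta http-equiv> tag is HTML markup, not a response header.
B_HTML_HEADERS = []

# directive or directive=token or directive="quoted, list"
_DIRECTIVE = re.compile(r'([\w-]+)\s*(?:=\s*("[^"]*"|[^\s,]*))?')

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}."""
    return {m.group(1).lower(): (m.group(2) or "").strip('"') or None
            for m in _DIRECTIVE.finditer(value)}

def audit(headers, now=None):
    """Report what (name, value) response headers tell an HTTP cache."""
    now = now or datetime.now(timezone.utc)
    h = {}
    for name, value in headers:
        key = name.lower()  # header names are case-insensitive
        h[key] = f"{h[key]}, {value}" if key in h else value
    cc = parse_cache_control(h.get("cache-control", ""))
    expires_in_past = None  # None means no Expires header was sent
    if "expires" in h:
        try:
            expires_in_past = parsedate_to_datetime(h["expires"]) <= now
        except (TypeError, ValueError):
            expires_in_past = True  # invalid dates count as already expired
    return {
        "may_store": "no-store" not in cc,
        "shared_may_store": not (cc.keys() & {"no-store", "private"}),
        # Only an unqualified no-cache forces revalidation of the whole response.
        "must_revalidate": "no-cache" in cc and cc["no-cache"] is None,
        "expires_in_past": expires_in_past,
        # Pragma is defined for requests; on a response it is only a legacy hint.
        "legacy_pragma": h.get("pragma", "").lower() == "no-cache",
    }

if __name__ == "__main__":
    print("a.php :", audit(A_PHP_HEADERS))
    print("b.html:", audit(B_HTML_HEADERS))
```

The result describes HTTP cache storage only; RFC 2616 section 13.13 treats the browser's back/forward history list as a mechanism separate from the cache.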