WebApp Sec mailing list archives
Re: Mozilla Firefox can't disable browser cache. Why?
From: mark <mark () cyanox nl>
Date: Wed, 23 Aug 2006 20:41:24 +0200
This is most likely due to Firefox having a memory cache too. You can find all Firefox cache settings when going to the about:config page. Search for cache and you will be able to find the memory caching. smith.norton () gmail com wrote:
I have two pages. a.php ------ <?php Header("Pragma: no-cache"); #HTTP 1.0 Header("Cache-control: private, no-cache, no-store"); Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); ?> <html> <head> <title>1st Page</title> </head> <body> <p> This is the first page.<br> <a href="b.html">Click here</a> to go to the second page. </p> </body> </html> b.html ------ <html> <head> <meta http-equiv="cache-control" content="no-cache"> <title>2nd Page</title> </head> <body> <p> This is the second page.<br> </p> </body> </html> Then I try the following steps:- 1. Open http://[mysite]/a.php 2. Click the link on it to go to b.html. 3. Then click on "Work Offline" from the "File" menu of the browser. 4. Hit the back button. I am expecting that on pressing the back button I shouldn't be able to get a.php since caching was disabled. When I try the above steps with Internet Explorer, I am unable to get back a.php in "offline" mode. So this is OK. But, when I try the above steps with Mozilla Firefox, I am able to get back a.php in "offline" mode even though caching was disabled. Why didn't Mozilla Firefox obey the directives in the HTTP Headers? ------------------------------------------------------------------------- Sponsored by: WatchfireWatchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB--------------------------------------------------------------------------
------------------------------------------------------------------------- Sponsored by: WatchfireWatchfire was recently named the worldwide market leader in Web application security assessment tools by both Gartner and IDC. Download a free trial of AppScan today and see why more customers choose AppScan then any other solution. Try it today! https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
Current thread:
- Mozilla Firefox can't disable browser cache. Why? smith . norton (Aug 23)
- Re: Mozilla Firefox can't disable browser cache. Why? mark (Aug 23)
- RE: Mozilla Firefox can't disable browser cache. Why? Tony Stahler (Aug 23)
- Re: Mozilla Firefox can't disable browser cache. Why? Ron (Aug 23)
- Re: Mozilla Firefox can't disable browser cache. Why? Damien Watson (Aug 24)
- <Possible follow-ups>
- Re: Re: Mozilla Firefox can't disable browser cache. Why? smith . norton (Aug 29)