WebApp Sec: Re: How to prevent Internet Explorer from locally caching pages

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

WebApp Sec mailing list archives

Re: How to prevent Internet Explorer from locally caching pages

From: Liam Quinn <liam () htmlhelp com>
Date: Thu, 3 Apr 2003 20:35:36 -0500 (EST)

On 4 Apr 2003, Adrian Caneva wrote:

Expiration headers seem to be ignored by Internet Explorer behind a Proxy 
server when using BACK / FORWARD buttons.
On Microsoft's Knowledge Base Article  234067 (HOWTO: Prevent Caching in 
Internet Explorer) I've found that in fact this can happen.
And I could verify that, behind a Proxy, IE (6.0, 5.5, 5.0) gets the page 
from local disk cache although Expire = -1 header should force it ask the 
web server for an updated version.


FWIW, IE's behaviour seems to be in agreement with the HTTP/1.1 
specification:

   By default, an expiration time does not apply to history mechanisms.
   If the entity is still in storage, a history mechanism SHOULD display
   it even if the entity has expired, unless the user has specifically
   configured the agent to refresh expired history documents.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.13

-- 
Liam Quinn

By Date By Thread

Current thread:

How to prevent Internet Explorer from locally caching pages Adrian Caneva (Apr 03)
- Re: How to prevent Internet Explorer from locally caching pages Liam Quinn (Apr 03)
  - Re: How to prevent Internet Explorer from locally caching pages Rory (Apr 03)
- <Possible follow-ups>
- RE: How to prevent Internet Explorer from locally caching pages David Cameron (Apr 03)
- Re: How to prevent Internet Explorer from locally caching pages Adrian Caneva (Apr 04)