WebApp Sec mailing list archives

RE: Cache-Control

From: "Thor Larholm" <thor () pivx com>
Date: Mon, 15 Sep 2003 11:19:53 -0700

Caching Tutorial for Web Authors and Webmasters
http://www.mnot.net/cache_docs/

As for cookies on your localhost HTTP server, change your HOSTS file to
make 127.0.0.1 point at a made up name, like 

127.0.0.1       localhost.com



Regards
Thor Larholm
PivX Solutions, LLC - Senior Security Researcher
http://www.pivx.com/larholm/unpatched - Unpatched IE vulnerabilities

-----Original Message-----
From: Pessoft [mailto:pessoft () seznam cz] 
Sent: Sunday, September 14, 2003 4:38 PM
To: webappsec () securityfocus com
Subject: Cache-Control


I need to disable caching my page for maximal security, but i don't know
how. I've tried using http headers Pragme, Expires, Cache-Control
without success. Under Opera page works fine, but IE still caches links
and after switching from one section to another after logoff when i try
to return to section one IE reads cached page and shows, that i'm logged
in, but actually i'm not. Also when i run script which outputs
$_SERVER['HTTP_CACHE_CONTROL'] Opera writes "no-cache", but IE writes ~
undefined variable ~. I've tried IE 5.5 under Win98se and also IE under
WinXP.

Pessoft

PS: Anybody knows how to enable cookies in IE for localhost HTTP server.

Current thread:

Cache-Control Pessoft (Sep 15)
- Re: Cache-Control Sverre H. Huseby (Sep 15)
- <Possible follow-ups>
- RE: Cache-Control Thor Larholm (Sep 15)