WebApp Sec mailing list archives

Re: Mozilla Firefox can't disable browser cache. Why?


From: Ron <ron () gwn ca>
Date: Wed, 23 Aug 2006 09:32:16 -0500

Out of curiosity, what happens if you close and re-open the browser?  Or
what happens if you try and open the page in another tab?  I'm thinking
that it might be cached in memory and not on disk, and I'm not sure if
you can disable in-memory caching.  That's just a guess, though.

smith.norton () gmail com wrote:
I have two pages.

a.php
------

<?php
Header("Pragma: no-cache"); #HTTP 1.0
Header("Cache-control: private, no-cache, no-store");
Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
?>

<html>
<head>
<title>1st Page</title>
</head>
<body>
<p>
This is the first page.<br>
<a href="b.html">Click here</a> to go to the second page.
</p>
</body>
</html>

b.html
------
<html>
<head>
<meta http-equiv="cache-control" content="no-cache">
<title>2nd Page</title>
</head>
<body>
<p>
This is the second page.<br>
</p>
</body>
</html>

Then I try the following steps:-

1. Open http://[mysite]/a.php
2. Click the link on it to go to b.html.
3. Then click on "Work Offline" from the "File" menu of the browser.
4. Hit the back button.

I am expecting that on pressing the back button I shouldn't be able to get a.php since caching was disabled.

When I try the above steps with Internet Explorer, I am unable to get back a.php in "offline" mode. So this is OK.

But, when I try the above steps with Mozilla Firefox, I am able to get back a.php in "offline" mode even though caching was disabled.

Why didn't Mozilla Firefox obey the directives in the HTTP Headers?

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire was recently named the worldwide market leader in Web 
application security assessment tools by both Gartner and IDC. 
Download a free trial of AppScan today and see why more customers choose 
AppScan then any other solution. Try it today!
  
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
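
An added example, not part of either post: a Python check that audits the response headers from the test case above against the HTTP anti-caching directives. The function names and the b.html sample are assumptions; the check reports what the server asked caches to do, not how a given browser handles its back-button history.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}, lowercased."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit(headers, now=None):
    """Return findings for one response, given its headers as (name, value) pairs."""
    now = now or datetime.now(timezone.utc)
    merged = {}
    for name, value in headers:
        key = name.lower()
        # Repeated header fields combine as one comma-separated list.
        merged[key] = f"{merged[key]}, {value}" if key in merged else value
    cc = parse_cache_control(merged.get("cache-control", ""))
    findings = []
    if "no-store" not in cc:
        findings.append("no-store missing: response may be written to a cache")
    if "no-cache" not in cc and cc.get("max-age") != "0":
        findings.append("no-cache missing: stored copy may be reused without revalidation")
    if "no-cache" not in merged.get("pragma", "").lower():
        findings.append("Pragma: no-cache missing for HTTP/1.0 caches")
    expires = merged.get("expires")
    try:
        if expires is None or parsedate_to_datetime(expires) > now:
            findings.append("Expires absent or in the future")
    except (TypeError, ValueError):
        pass  # an unparseable Expires value is treated as already expired
    return findings

# Constructed samples: a.php's headers as written in the post; b.html is assumed
# to carry no cache headers, since its directive exists only in a <meta> tag.
A_PHP = [("Pragma", "no-cache"),
         ("Cache-control", "private, no-cache, no-store"),
         ("Expires", "Mon, 26 Jul 1997 05:00:00 GMT")]
B_HTML = [("Content-Type", "text/html")]

if __name__ == "__main__":
    for label, hdrs in (("a.php", A_PHP), ("b.html", B_HTML)):
        print(label, audit(hdrs) or "no findings")
```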


