Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Problem forcing pages not to cache.
May 22, 2008, 3:39 am
rate this thread
I have a requirement to ensure that pages do not store anywhere in the
browser cache. Essentialy, when the user hits logout, the information
they've been reading needs to be completely innaccesable.
I have done a bit of Googling and found articles suggesting the
following HTTP-EQUIV meta tags. The page loads and validates via WC3,
however fails to secure the content.
I'm testing in Firefox 2 by opening the below file from a local disk.
I then leave the page, set the browser to 'work offline' and open the
file from 'history'. The page appears in full. I have also tested the
file served via http from a web browser to the same result.
Can someone please tell me what I'm doing wrong?
Thanks in advance,
------ HTML File ----------
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<META HTTP-EQUIV="CONTENT-TYPE" CONTENT="TEXT/HTML;
<META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE; NO-STORE;
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"> <!-- Backward
compatibility with HTTP 1.0-->
<META HTTP-EQUIV="EXPIRES" CONTENT="-1">
<title>Sample Document which should not be stored in browser cache</
This is a sample expired Document
Re: Problem forcing pages not to cache.
It cannot be guaranteed. However, the tags you have used are a
reasonable attempt. Any browser that refuses to honor any of them won't
listen to you anyway as regards to caching. It wouldn't hurt, however,
to try to do cache control at the level where it logically belongs,
namely HTTP level, in HTTP headers. In particular, this could be
effective against some proxy caches (which won't even look at any <meta>
tags). Check the classic reference, "Caching Tutorial for Web Authors
and Webmasters", http://www.mnot.net/cache_docs /
This cannot be guaranteed, of course. In particular, you cannot erase it
from the user's mind, or print copies, or locally saved copies.
There are some mistakes and questionable features in them. For example,
Cache-Control header uses, by the protocol, commas and not semicolons as
Validation is just formal and says nothing about the correctness of the
contents in the <meta> tag attributes.
I would not expect a browser cache local files anyway, by default. What
would be the point?
So what? The history is a collection of URLs, and when you open
something via the history, the browser accesses the resource by its
normal rules. This includes reading it from disk if it is local, as well
as requesting it via HTTP when its logic so requires (that is, the page
is not in the cache or the caching information tells that the cached
copy is to be treated as expired).
Jukka K. Korpela ("Yucca")