[imp] Caching inbox pages.
Tim Bannister
Tim.Bannister at manchester.ac.uk
Thu Sep 11 08:55:04 UTC 2008
Michael M Slusarz wrote:
>
> Quoting robert sand <rsand at d.umn.edu>:
>
> > We are using https. Sorry I even asked. If you don't know the
> > answer why even reply.
>
> Firefox does *not* cache https.
> https://bugzilla.mozilla.org/show_bug.cgi?id=309368
>
> IE does, but *only* if the Caching headers allow it. Many browsers
> will cache pages even (if expired) if using http only. So there is
> absolutely nothing wrong with the statement "you should use https".
Our IMP (pretty much stock Horde 3.2.1 / IMP 4.2) sends this header:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
It might help to add "private", but "no-store" should trump all that. It
means that "the cache MUST NOT intentionally store the information in
non-volatile storage, and MUST make a best-effort attempt to remove the
information from volatile storage as promptly as possible after
forwarding it" (RFC 2616).
Firefox uses something like this behaviour for HTTPS responses unless
the server explicitly overrides this with a more permissive
Cache-Control header.
IMP can't do much about user agents that ignore a MUST requirement in
their HTTP implementation.
--
Tim Bannister
Email system administrator
IT Services division
The University of Manchester
w: http://www.manchester.ac.uk/itservices
More information about the imp
mailing list