Redirects and caching

Suppose you have a page that requires cookie-based
authentication, and that
redirects when that cookie is not found.  How do you make
sure neither page is
incorrectly cached?

Right now, I am able to access a cached page after the
cookie has been
removed.  Worse, after accessing a protected page, being
redirected, then
logging in and going *back* to that page, I am still getting
the redirect.

Is there a way around this?  I have "no-store,
no-cache" in the cache-control
headers.

Jonathon McKitrick
--
My other computer is your Windows box.

_______________________________________________
lispweb mailing list
lispwebred-bean.com
http
://www.red-bean.com/mailman/listinfo/lispweb

You should be fine with the standard HTTP cache control and
expiry  
headers. If a cache chooses to ignore these, then users get
stale  
data, and there's nothing you can do about it.

One solution is to put a session ID in the URL.

Also make sure you're using the correct (303, 307) redirect
codes,  
not, e.g., 302.

On  19 Oct 2006, at 6:16 PM, Jonathon McKitrick wrote:

>
> Suppose you have a page that requires cookie-based
authentication,  
> and that
> redirects when that cookie is not found.  How do you
make sure  
> neither page is
> incorrectly cached?
>
> Right now, I am able to access a cached page after the
cookie has been
> removed.  Worse, after accessing a protected page,
being  
> redirected, then
> logging in and going *back* to that page, I am still
getting the  
> redirect.
>
> Is there a way around this?  I have "no-store,
no-cache" in the  
> cache-control
> headers.
>
> Jonathon McKitrick
> --
> My other computer is your Windows box.
>
> _______________________________________________
> lispweb mailing list
> lispwebred-bean.com
> http
://www.red-bean.com/mailman/listinfo/lispweb


_______________________________________________
lispweb mailing list
lispwebred-bean.com
http
://www.red-bean.com/mailman/listinfo/lispweb