You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Jonathan Eric Miller <je...@uchicago.edu> on 2002/02/19 19:51:01 UTC

How to enable browser caching for servlet protected by security-constraint?

I found that in Tomcat 4.0.2 that Web browser caching is turned off for
resources that are protected by a security-constraint. Tomcat 4.0.2 does the
following.

sresponse.setHeader("Pragma", "No-cache");
sresponse.setHeader("Cache-Control", "no-cache");
sresponse.setDateHeader("Expires", 1);

For example, if you are protecting a resource with SSL. This is good from a
security perspective, but, not from a usability perspective.

What I want to do is set Cache-Control to "private" instead. However, I
can't do this because there aren't any APIs that allow me to clear the ones
that Tomcat is setting, aside from whiping all the headers out which I don't
want to do.

Why is expires being set?

Jon



--
To unsubscribe:   <ma...@jakarta.apache.org>
For additional commands: <ma...@jakarta.apache.org>
Troubles with the list: <ma...@jakarta.apache.org>