tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Szwajkajzer Adam" <>
Subject How to enable secured JSP to be cached by browser?
Date Fri, 14 Feb 2003 11:18:05 GMT
Hi all.
I'm using Tomcat 4.1.18 (in boundle with JBoss 3.0.5).
My application is configured to use declarative security (FORM based).
Here my problems start.
Each HTTP respons for secured JSP page gets amend by Tomcat.
Additional header Pragma, Cache-Control and Expires entries are inserted
to prevent the page to be locally cached.
I've found on that list it is performed by AuthenticatorBase class and was added 
to prevent security vulnerability.

The problem is with form pages in following scenario: 
User inserts data, submits form, server returns an application error. 
User returns to form page but it is reread from server and of course it's empty.
(User gets angry while retyping all form data;)

Since the application is only used in intranet it would be acceptable to locally cache 
secured JSP pages.
So, is it possible to switch off  no-cache/expires feature in Tomcat 4.1.18?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message