sebastian palmigiani wrote: > Access to a browser cached page from a password protected site can be > accessed by anyone using the same machine using the back button on the > browser and see those pages even if they're not logged into the site. > > Is there some code that will expire the browser cached pages?
You can add cache-control headers. See RFC 2616. If your application uses really sensitive data, you should consider advising people to disable caching. And use HTTPS, many browsers have an option not to cache HTTPS data. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
