On Tue, Apr 06, 2004 at 05:32:25AM -0600, Antonio Gallardo wrote: > Leszek Gawron dijo: > > If you use IE (I do not know how other browsers handle this) if you serve > > a > > page without client cache turned off you make a security hole (IE caches > > everything and serves even after user has logged out). > > Very smart browser! ROTFL! At last if you do not close your browser window. That is a real problem because even if you log out and login again sometimes requesting for examples /myApp/showProjects.do you do not see your server being hit.
> > The code (assume every non internal uri goes to "main" method ): > > var user = null; > > > function main( action ) { > > cocoon.response.setHeader( "Expires", "-1" ); > > cocoon.response.setHeader( "Cache-Control", "no-cache" ); > > cocoon.response.setHeader( "Pragma", "no-cache" ); > > All these 3 instructions, can be setted in a the HTML style transformer > instead of doing it in Flow. If not you need to write it over and over. HTML Transformer sets response headers? I do not think so. META tags maybe - but IE docs say explicitly that headers are preffered over meta tags > In the below code, can you better use the standard authentication-fw. the > auth-fw can also work with flow: I do not use authentication-fw intentionally as I want to have an acces to a complete user object ( I use hibernate ). This is also a reason I do not use container authentication - it gives me only username and I would have to fetch the user data every time. lg -- __ | / \ | Leszek Gawron // \\ \_\\ //_/ [EMAIL PROTECTED] _\\()//_ .'/()\'. Phone: +48(501)720812 / // \\ \ \\ // recursive: adj; see recursive | \__/ |