http://issues.apache.org/bugzilla/show_bug.cgi?id=34560


[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEEDINFO                    |RESOLVED
         Resolution|                            |WONTFIX




------- Additional Comments From [EMAIL PROTECTED]  2006-09-23 21:05 -------
The specs do state that authenticated resources must not be cached. However,
this does not mean that all unauthenticated resources may be cached. If you can
provide a reference in a relevant specification that does state this then you
have a much stronger case.

The servlet spec does not specify caching behaviour for CONFIDENTIAL. Given the
meaning of confidential it is arguable that it should not be cached in order
to keep it private. Without a clear specification breach (which I don't see
having reviewed the specs quoted in this report) this behaviour is always going
to be open to interpretation.

If you don't like the behaviour as currently interpreted there are a number of
options (disableProxyCaching, securePagesWithPragma) you can use or if these
don't give you what you want you can, as you and others have, implement a
filter to set the cache control headers.
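
The filter approach mentioned in the comment above, as an added example that is not part of the original bug comment or of Tomcat's code: a servlet filter that sets the cache headers explicitly. The class name, the init-parameter names and the default policies are assumptions, and `isSecure()` is used here as a stand-in for a CONFIDENTIAL transport guarantee.

```java
// Added example (hypothetical class, not Tomcat code): explicit cache policy per request.
// Uses javax.servlet; on newer containers the same API lives in jakarta.servlet.
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class ExplicitCacheControlFilter implements Filter {
    // Assumed defaults: authenticated content is never stored, content served
    // over a secure channel may be kept by the browser but not by shared caches.
    private String authenticatedPolicy = "no-store";
    private String confidentialPolicy = "private";

    public void init(FilterConfig config) {
        authenticatedPolicy = param(config, "authenticatedPolicy", authenticatedPolicy);
        confidentialPolicy = param(config, "confidentialPolicy", confidentialPolicy);
    }

    // Read an optional init-param from web.xml, falling back to the default.
    private static String param(FilterConfig config, String name, String fallback) {
        String value = config.getInitParameter(name);
        return (value == null || value.trim().isEmpty()) ? fallback : value.trim();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) res;
            if (request.getRemoteUser() != null) {
                // Authenticated resource: forbid storage, including for HTTP/1.0 caches.
                response.setHeader("Cache-Control", authenticatedPolicy);
                response.setHeader("Pragma", "no-cache");
                response.setDateHeader("Expires", 0L);
            } else if (request.isSecure()) {
                // Unauthenticated but sent over TLS: the spec is silent, so state the policy.
                response.setHeader("Cache-Control", confidentialPolicy);
            }
        }
        chain.doFilter(req, res); // headers are set before the response can be committed
    }

    public void destroy() { }
}
```

Map the filter in `web.xml` to the URL patterns covered by the security constraint. Because the headers are set before `chain.doFilter`, a servlet further down the chain can still override them.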

