Tanks for the answer.
Looks like I have to dig futher on.
As you say the portlet itself can't control this behavior.
I was hoping that there was a way around, eg. by setting a property:
resp.addProperty("portlet.expiration-cache","0");
In our applications we have to solve this use case:
- User Lisa logs on to the portal and access several "protected" pages.
- After a while she logs out and leave for lunch.
- "Hacker" Bob takes physical control over her computer, and use the back
button in the browser.
If client caching not are turned off, he will be able to see localy cached
pages in the browser, as long is he not posts or refresh's pages.
Since majorty of browsers support no-cache directive, this has been enough to
solve this problem.
In our (and other) "secure" portal applications this problem has to be solved.
Regards
Jan Ole
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3868452#3868452
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3868452
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
JBoss-Development mailing list
JBoss-Development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-development
