Tanks for the answer. Looks like I have to dig futher on. As you say the portlet itself can't control this behavior. I was hoping that there was a way around, eg. by setting a property: resp.addProperty("portlet.expiration-cache","0");
In our applications we have to solve this use case: - User Lisa logs on to the portal and access several "protected" pages. - After a while she logs out and leave for lunch. - "Hacker" Bob takes physical control over her computer, and use the back button in the browser. If client caching not are turned off, he will be able to see localy cached pages in the browser, as long is he not posts or refresh's pages. Since majorty of browsers support no-cache directive, this has been enough to solve this problem. In our (and other) "secure" portal applications this problem has to be solved. Regards Jan Ole View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3868452#3868452 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3868452 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ JBoss-Development mailing list JBoss-Development@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/jboss-development