Ok I've narrowed it down to a Tomcat 5 bug/feature: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27122
About 1/2 way down the comments: ------- Additional Comments From [EMAIL PROTECTED] 2004-02-25 22:07 ------- And we have finally found the problem. In an attempt to try and work around some broken client (I can't be bothered to go back and see which one), Tomcat5 started adding adding the "don't cache" headers even for SSL requests. I'm in a very small minority of disliking this "feature", so it is unlikely to change. The work-around is to configure the Authenticator yourself: <Context path="/myapp" docBase="myapp"> | <Valve className="org.apache.catalina.authenticator.FormAuthenticator" | disableProxyCaching="false" /> | </Context> Does anyone know how & where I can configure this in a JBoss-3.2.5 environemnt? Ie if I have a EAR file to deploy, "myapp.ear" with contents: - myapp-ejb.jar - myapp-web.war - application.xml - jboss-app.xml - etc... Also, this webapp is to be the default context, if it makes a different. I've tried adding something to jbossweb-tomcat50.sar\server.xml but I can't figure out the correct syntax. Thanks. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3851931#3851931 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3851931 ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user