When I was researching a caching problem I experienced with logout pages, I noticed that ASP pages set the following HTTP header: Cache-Control: private This is probably something we all want to do on any dynamic pages that we create that are specific to some user, from RFC2068: ---- private Indicates that all or part of the response message is intended for a single user and MUST NOT be cached by a shared cache. This allows an origin server to state that the specified parts of the response are intended for only one user and are not a valid response for requests by other users. A private (non-shared) cache may cache the response. ---- This is easily accomplished in JSP (but, isn't almost everthing?) by including the following some place near the top of the file (before the buffer is flushed): response.addHeader("Cache-Control","private"); See RFC 2068 Section 14.9 for information on the Cache-Control HTTP Header. <URL:http://www.ietf.org/rfc/rfc2068.txt?number=2068> Sam =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets