DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6709>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6709 Images on protected areas have not "Last modified" header ------- Additional Comments From [EMAIL PROTECTED] 2002-02-27 21:11 ------- The solution to this bug should in my opinion allow a developer to override the caching settings that are specified by default by the server for resources that are protected by a <security-constraint>. You should be able to do this using one of Tomcat's settings files. Allowing local caching of content that is served over SSL is a valid thing to do. Why is it that Tomcat's behavior is different than Apache HTTP Server with SSL? Apache HTTP Server with SSL does not add any cache control headers for content served over SSL. I don't have an issue with the fact that by default caching is turned off. I think that it is a good thing, if it helps improve security. However, not having a way to change the setting is a design flaw/bug. I also would still like to know why the "expires" header is being set. As far as I know you shouldn't have to set this header in order to turn off caching. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
