Hi,

Ironically, I just bumped into some back tracking issues as well.

Setting the appropriate headers in the response, plus adding the little iFrame per the Apple FAQ, works great for session-based pages where a form has been submitted, and such, but does not work at all for direct actions.

Use case is something like:

(A) User goes to a DirectAction for a customer to execute a purchase.

(B) Customer executes the purchase, a 'Thank You' page is returned (via pageWithName, session got created) and the session is terminated.

(C) In Safari, but not Thunderbird or IE6, the back up button allows anybody who comes to that computer to view the prior page, including credit card information.

I played a lot with even setting the page cache to zero, forcing a URL key/value pair on the link to the direct action, all to no avail.

Does anybody know a workaround for this?

If the user, say, has a field validation error, and additional pages are inserted between (A) and (B) above from reporting validations and having the user correct mistakes, those pages operate as expected, but even then, it is still possible for a determined user to back up all the way to the very first direct action page and see all the data on that original page. Seems maybe Safari is filling in the field values itself from some sort of local cache?

Thanks,

- mike

On Jun 6, 2008, at 12:24 AM, Joe Moreno wrote:

Chuck,

When I start wondering if Safari is caching a page or if it's my own bug I add something useless to the end of the URL (i.e. either server side or client side via JavaScript). Usually, I'll just tag on a key/value pair such as ?t=1212726377311 which is simply the time. To Safari, and any proxy servers, this appears as a new request.

- Joe


On Jun 3, 2008, at 17:24:12, Chuck Hill wrote:

Hi,

Safari, at least as of version 3.1.1 (5525.20), does not seem to respect the headers that control local page caching. The Safari FAQ claims to show how to do this:
http://developer.apple.com/internet/safari/faq.html#anchor5

Returning
last-modified = ("Wed, 04-Jun-2008 00:10:53 GMT");
cache-control = ("no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0");
expires = ("Mon, 26 Jul 1997 05:00:00 GMT");
date = ("Wed, 04-Jun-2008 00:10:53 GMT");
pragma = ("no-cache");

still results in Safari using the local cache instead of making a trip back to the server. The Web Inspector in Safari shows that it is getting these headers, but it seems to ignore them. I have reported this to Apple.

Obviously, this has rather serious implications for those of us deploying dynamic web applications. The back button is hard enough to deal with when the browser works correctly!

Any suggestions for workarounds gratefully attempted.

Chuck
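
An added example, not part of the thread or of WebObjects: a small Python audit of the response headers listed in Chuck's message, checking the no-cache directives and whether each date is in the preferred HTTP-date form. The function names, the WEAK header set and the NOW value are constructed for illustration; a clean audit does not show that a given browser honors the headers.

```python
from datetime import datetime, timezone

# Preferred HTTP-date form (RFC 1123 style), e.g. "Sun, 06 Nov 1994 08:49:37 GMT"
HTTP_DATE = "%a, %d %b %Y %H:%M:%S GMT"

def parse_http_date(value):
    """Return an aware UTC datetime, or None if value is not in HTTP_DATE form."""
    try:
        return datetime.strptime(value, HTTP_DATE).replace(tzinfo=timezone.utc)
    except ValueError:
        return None

def audit_no_cache(headers, now):
    """List the problems found in headers meant to forbid caching of a response."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = []
    directives = {d.split("=")[0].strip().lower()
                  for d in h.get("cache-control", "").split(",") if d.strip()}
    for required in ("no-store", "no-cache"):
        if required not in directives:
            findings.append(f"cache-control lacks {required}")
    if "no-cache" not in h.get("pragma", "").lower():
        findings.append("pragma lacks no-cache")
    for name in ("date", "last-modified", "expires"):
        if name in h and parse_http_date(h[name]) is None:
            findings.append(f"{name} is not a well-formed HTTP-date: {h[name]}")
    if "expires" not in h:
        findings.append("expires missing")
    else:
        expires = parse_http_date(h["expires"])
        if expires is not None and expires >= now:
            findings.append("expires is not in the past")
    return findings

# Header values copied from the message above.
POSTED = {
    "last-modified": "Wed, 04-Jun-2008 00:10:53 GMT",
    "cache-control": "no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0",
    "expires": "Mon, 26 Jul 1997 05:00:00 GMT",
    "date": "Wed, 04-Jun-2008 00:10:53 GMT",
    "pragma": "no-cache",
}
# Constructed weak header set, for contrast.
WEAK = {"Cache-Control": "private, max-age=600"}
# Constructed "current time" so the result is reproducible.
NOW = datetime(2008, 6, 4, 0, 10, 53, tzinfo=timezone.utc)

if __name__ == "__main__":
    for label, hdrs in (("posted", POSTED), ("weak", WEAK)):
        print(label, audit_no_cache(hdrs, NOW))
```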