Version 8
Created by starksm64 on Feb 27, 2005 5:46 PM. Last modified by jvilladiego on Dec 4, 2006 12:29 PM.

    Tomcat adds a Cache-Control: no-cache header for secured requests to prevent caching of of secured resources. jboss-3.2.6+ supports a WEB-INF/context.xml descriptor that allows one to customize a war context. This can be used to disable the Cache-Control header addition using a myapp-web.war/WEB-INF/context.xml like the following:

     

    <Context>
  <Valve className="org.apache.catalina.authenticator.FormAuthenticator"
          disableProxyCaching="false" ></Valve>
</Context>

     

    or, if you're using BASIC HTTP authentication:

     

    <Context>
  <Valve className="org.apache.catalina.authenticator.BasicAuthenticator"
          disableProxyCaching="false" ></Valve>
</Context>

     

     

    Note that the addition of the Cache-Control: no-cache header causes IE to fail to load content when using SSL. This is described as a security feature of IE in the following knowledge base posting:

    Internet Explorer Is Unable to Open Office Documents from an SSL Web Site

     

    18420 Views Categories: Tags: