Prevent IE caching

Question

I am developing a Java EE web application using Struts. The problem is with Internet Explorer caching. If an user logs out he can access some pages because they are cached and no request is made. If I hit refresh it works fine. Also if an user goes to login page again it won't redirect him because that page is also cached.

Two solutions come to my mind:

Writing an Interceptor (servlet filter like) to add to response header no-cache etc.
Or or put <meta> tags at each page.

Which one should I do?

I have found that adding the no-cache headers does not always work on IE. — ziggy, Oct 23 '10 at 18:16
Apparently you forgot the `Expires` header. See also the answers in this question. — BalusC, Oct 23 '10 at 19:25

score 30 · Accepted Answer · edited May 23 '17 at 11:46

Rather set the following headers on the HttpServletResponse of the page(s) in question so that you don't need to copypaste it over all pages manually:

response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.

This is equivalent to setting the following meta headers in the page(s) manually:

<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">

Also see this answer. Don't forget to clear browser cache before testing ;)

score 5 · Answer 2 · edited May 23 '17 at 12:00

5

I've found the following to work well:

response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);

From the tags on this question it looks like you are using Struts. Struts 1.x allows you to do this through configuration in struts-config.xml by setting nocache="true" on the controller element:

<controller processorClass="org.apache.struts.tiles.TilesRequestProcessor" nocache="true" />

Mark Nottingham's caching tutorial is the best resource I've seen on the web about HTTP and caching if you are looking to understand more.

That being said, depending on the problem you are seeing it might be a browser history issue. See here for more information about that.

edited May 23 '17 at 12:00

Community

1
1

answered May 17 '10 at 13:03

laz

27,169
5
51
50

BTW: only the first three `Cache-Control` properties as shown in your example is sufficient, they (and the `Expires` header) already "implicitly" sets the subsequent properties to the desired values. – BalusC May 17 '10 at 13:13
We arrived at those values while researching a problem where users with Opera were able to view secure pages in their browser history after logging off and destroying their session. That value was used as a fix. I'm trying to find the original link that explained how those settings were arrived at but I haven't been able to so far. Perhaps it is overkill though given that I only learned about the differences between browser cache and browser history after that research. – laz May 17 '10 at 13:27
There was indeed a related Opera 8.x bug which was fixed halfway the previous decade. Also caching of a redirect wasn't done properly in this browser. But practically nobody uses Opera 8 nowadays. – BalusC May 17 '10 at 13:53

score 2 · Answer 3 · answered Jan 30 '12 at 17:52

Looks like IE < 9 will still cache even if you have pragma: no-cache in the head and set browser to refresh on each page load. You need to add the meta tags again in a second head section before close of the html. This is right from MS itself.

http://support.microsoft.com/kb/222064/

little better explanation here

http://www.htmlgoodies.com/beyond/reference/article.php/3472881/So-You-Dont-Want-To-Cache-Huh.htm

From testing you also need the Expires: -1 meta tag to make it work. It is recommended to use Expires: -1 and not 0.

score 0 · Answer 4 · answered Oct 21 '13 at 08:29

Add tag type="button" into actual action button.

The default value of the type attribute depends on the current document compatibility mode. The default value is submit. In other compatibility modes the default value is button. When the BUTTON element is submitted in a form, the value depends on the current document compatibility mode. Windows Internet Explorer 8 and later. The default value of the type attribute depends on the current document compatibility mode. In IE8 Standards mode, the default value is submit. In other compatibility modes and earlier versions of Windows Internet Explorer, the default value is button. Internet Explorer 8 and later. When the BUTTON element is submitted in a form, the value depends on the current document compatibility mode. In IE8 mode, the value attribute is submitted. In other document modes and earlier versions of Internet Explorer, the innerText value is submitted.

http://msdn.microsoft.com/en-us/library/ie/ms535211(v=vs.85).aspx

score -1 · Answer 5 · answered May 17 '10 at 12:24

-1

Modify the headers with no-cache etc. It is the usual way.

answered May 17 '10 at 12:24

Femaref

58,195
7
126
170

So writing an interceptor is better...Could you tell me which headers to add? Because i see several headers that should be put – GorillaApe May 17 '10 at 12:25

Prevent IE caching

5 Answers5

Linked