[4461] in WWW Security List Archive
Re: Removing info from a PC cache
daemon@ATHENA.MIT.EDU (Gary Meltzer)
Sat Feb 15 23:13:31 1997
From: garym@softshore.com.au (Gary Meltzer)
To: darren@factcomm.co.jp (Darren Cook), "Ammon" <ammon@ikx.org>,
"HEROLD.BECKY" <Herold.Becky@principal.com>
Cc: www-security@ns2.rutgers.edu
Date: Sun, 16 Feb 1997 00:47:24 GMT
In-Reply-To: <19970215060837546.AAC80@cook2>
Errors-To: owner-www-security@ns2.rutgers.edu
Try this HTTP header: "Expires: <date>"
<date> is in rfc850 format but must always be GMT.
N.B. It is designed to support volatile data rather than secure data.
And it may require some server awareness of the client clock time.
No harm in also including "Pragma: no-cache".
On Sat, 15 Feb 1997 15:08:42 +0900, Darren Cook wrote:
>>> The best way (and I'd be interested to hear alternatives) seems to be to
>>> assign them a 'session id' when they first log on, and then insert this id
>>> into all links (requires the pages to be parsed by a cgi program).
>>> Expire the id's after say 30 minutes (I record a 'last web activity' time
>>> each time I sent them back a page) of inactivity.
>>> Anyone who tries to access a page with no session id, or an outdated/invalid
>>> one, gets the 'input password' page.
>>> This does not need SSL,etc., but should run on top of it.
>>>
>>I believe there is a simpler way but we have not tried it yet. I remember
>>reading somewhere where you can specify from the server that web pages can be
>>setup to not be cached. I don't know whether this helps your case or not but
>>you should look into the HTML command.
>>
>Do you mean "Pragma: no-cache"? This seems to be to force proxy servers to
>fetch a new copy, and is sent from the client to the server.
>If there is something similar the cgi program can send to the client, can
>someone tell me how to use it?
>
>Darren
>
>
-- Gary Meltzer mailto:garym@softshore.com.au
SoftShore Industries Pty Ltd http://www.softshore.com.au/
PO Box 972, Bondi Junction, Fax +61 2 9665-4349
NSW 2022, Australia. Ph +61 414 665-400
