I'm using @never_cache as follows and IE7 has the correct behavior, but Firefox 3.06 allows me to view the content of all previous pages by clicking the back button even after going through a logout.
@never_cache @login_required() def search(request, search): Gmail has the correct behavior in firefox and IE and it's response headers look like this: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Date: Tue, 03 Mar 2009 20:14:58 GMT Content-Type: text/html; charset=UTF-8 Set-Cookie: GMAIL_IMP=EXPIRED; Expires=Mon, 02-Mar-2009 20:14:58 GMT; Path=/mail Content-Encoding: gzip Transfer-Encoding: chunked X-Content-Type-Options: nosniff Server: GFE/1.3 The headers I'm getting from my Django app are as follows. And as you can tell, they are missing a lot of the stuff that Gmail seems to use to stop caching. Date: Tue, 03 Mar 2009 21:12:04 GMT Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h mod_autoindex_color mod_python/3.3.1 Python/2.5.2 PHP/5.2.6 Expires: Tue, 03 Mar 2009 21:12:04 GMT Vary: Cookie Last-Modified: Tue, 03 Mar 2009 21:12:04 GMT Etag: "1710a9ec54f25e5074e4decf99697a44" Cache-Control: max-age=0 Content-Type: text/html; charset=utf-8 Connection: close Transfer-Encoding: chunked I've read a lot of responses on this topic. Perhaps I missed one that works. Here are the ones I can't accept. "This is a browser issue, nothing can be done" - Maybe it's a browser issue, but other sites manage it, see Gmail. "Make the user close the browser" - Relying on users to do anything is a last resort. It may be good for them to close the browser. But making that the only reliable solution is not good enough. "Use Javascript to clear the cache or some other trick" - Relying on JS being active is like relying on users. So, is this a feature waiting to be developed? Or is there a way to make it work right with the existing code? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
