On Tue, Mar 3, 2009 at 4:48 PM, davathar <davat...@gmail.com> wrote: > > I'm using @never_cache as follows and IE7 has the correct behavior, > but Firefox 3.06 allows me to view the content of all previous pages > by clicking the back button even after going through a logout. > > @never_cache > @login_required() > def search(request, search): > > > Gmail has the correct behavior in firefox and IE and it's response > headers look like this: > > Cache-Control: no-cache, no-store, max-age=0, must-revalidate > Pragma: no-cache > Expires: Fri, 01 Jan 1990 00:00:00 GMT > Date: Tue, 03 Mar 2009 20:14:58 GMT > Content-Type: text/html; charset=UTF-8 > Set-Cookie: GMAIL_IMP=EXPIRED; Expires=Mon, 02-Mar-2009 20:14:58 GMT; > Path=/mail > Content-Encoding: gzip > Transfer-Encoding: chunked > X-Content-Type-Options: nosniff > Server: GFE/1.3 > > > The headers I'm getting from my Django app are as follows. And as you > can tell, they are missing a lot of the stuff that Gmail seems to use > to stop caching. > > Date: Tue, 03 Mar 2009 21:12:04 GMT > Server: Apache/2.2.9 (Win32) DAV/2 mod_ssl/2.2.9 OpenSSL/0.9.8h > mod_autoindex_color mod_python/3.3.1 Python/2.5.2 PHP/5.2.6 > Expires: Tue, 03 Mar 2009 21:12:04 GMT > Vary: Cookie > Last-Modified: Tue, 03 Mar 2009 21:12:04 GMT > Etag: "1710a9ec54f25e5074e4decf99697a44" > Cache-Control: max-age=0 > Content-Type: text/html; charset=utf-8 > Connection: close > Transfer-Encoding: chunked > > > > I've read a lot of responses on this topic. Perhaps I missed one that > works. Here are the ones I can't accept. > > "This is a browser issue, nothing can be done" - Maybe it's a browser > issue, but other sites manage it, see Gmail. > > "Make the user close the browser" - Relying on users to do anything > is a last resort. It may be good for them to close the browser. But > making that the only reliable solution is not good enough. > > "Use Javascript to clear the cache or some other trick" - Relying on > JS being active is like relying on users. > > So, is this a feature waiting to be developed? Or is there a way to > make it work right with the existing code? > > > > > > The most obvious difference, to me, is the must-revalidate bit in the Cache-Control header. While nothing is built into django to handle this, you are more then welcome to set the header, and create a decorator, to do this, for whicheve rheader it is.
Alex -- "I disapprove of what you say, but I will defend to the death your right to say it." --Voltaire "The people's good is the highest law."--Cicero --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
