I read:
// FIXME: Disabled for Mozilla FORM support over SSL
// (improper caching issue)
Indeed (I now remember the issue), there would be serious issues should this not be the default.
The issue here is, apparently, that Mozilla has a caching bug we are working around, so we have to disable caching. However, I don't know that the broken Mozilla agent requires the Pragma header to do this.
Now, I think you are misrepresenting the IE issue, and it's not such a big issue.
Here is a test war for you and those interested,
<http://apache.org/~keith/ietest.war>. If you deploy this you will see that you cannot download the one file in the webapp with IE with head of tree. If you comment out the pragma header in AuthenticatorBase, it works fine.
Despite your renaming, I want to emphasize that I am not talking about the cache-control header, and am fine with it being either private or no-cache.
I am perfectly fine with adding new configurability and documenting it properly, but defaults should lean towards the safer solution.
I disagree, defaults should be friendly to the largest client base.
BTW, I really don't see any problem with not using the defaults, and actually configuring something. Is that really a big issue for you and the people who reported this problem ? For example, in JBoss, I use a different default configuration and I don't make a big issue out of it.
I think Tomcat should work with IE under SSL, and yes, I think it is a big issue that Tomcat doesn't, out of the box.
Keith
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
