NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > WWW-Mobile-Code> 2006-q2

Re: Code snippets to disable browser caching

From: Jean-Jacques Halans (halansgmail.com)
Date: Mon May 08 2006 - 17:39:44 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,
I've use these ones:
----------------------------------------
HTML
<META HTTP-EQUIV="Expires" CONTENT="-1">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-control" CONTENT="no-cache">
<META HTTP-EQUIV="Cache" CONTENT="no-cache">
<META HTTP-EQUIV="Expires" CONTENT="thu, 01 Jan 1998 12:00:00 GMT">

To properly prevent the Web page from appearing in the cache (older IE
versions), place another header section at the end of the HTML
document:
...
</BODY>
<HEAD>
<META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
</HEAD>
</HTML>
----------------------------------------
ASP
<% Response.CacheControl = "no-cache" 'HTTP 1.1 %>
<% Response.CacheControl="private" 'prevents caching at the proxy server %>
<% Response.AddHeader "Pragma", "no-cache" 'HTTP 1.0 %>
<% Response.AddHeader "cache-control", "no-store" 'HTTP 1.1 %>
<% Response.Expires = -1 'prevents caching at the proxy server %>

----------------------------------------
JSP
<% response.setHeader("Cache-Control","no-cache"); %>
<% response.setHeader("Pragma","no-cache"); %>
<% response.setDateHeader ("Expires", 0); %>
<% response.setHeader("Cache-Control","no-store"); %>

----------------------------------------
PHP
Header("Cache-control: private, no-cache, must-revalidate");
Header("Cache-control: private, no-cache");
Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); # Past date
Header("Pragma: no-cache"); #HTTP 1.0

----------------------------------------
And another simple technique :
append a random number to the query-string of every URL you do not want cached

More on http1.1 caching:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9

Hope it helps,
JJ

>
> On 8 May 2006 04:43:31 -0000, smith.nortongmail.com
> <smith.nortongmail.com> wrote:
> >Can anyone suggest me how to write my HTML file so that it disables browser
> >caching in the client side?
> >
> >
> >I would appreciate if anyone can give small code snippets to explain the
> >same.
> >
> >
> >Thanks in advance.
> -------------------------------------------------------------------------

Halans Jean-Jacques, CISSP

-------------------------------------------------------------------------
Sponsored by: Watchfire

Methodologies & Tools for Web Application Security Assessment
With the rapid rise in the number and types of security threats, web
application security assessments should be considered a crucial phase in
the development of any web application. What methodology should be
followed? What tools can accelerate the assessment process?
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701300000007t9h
--------------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]