Forum Discussion
Gilles_Archer_3
Jun 04, 2015, Nimbostratus
I used Fiddler to capture 3 different scenarios:
- POST to VS x.x.x.x:443 w/ Client SSL Profile
- POST to VS x.x.x.x:80
- POST to back-end server y.y.y.y:8080 - back-end server w/o encryption
The results are identical, with the exception:
- POST to VS x.x.x.x:443 has a header of "Cache-Control: no-cache"
- POST to VS x.x.x.x:80 has a header of "Pragma: no-cache"
- POST to back-end server y.y.y.y:8080 has a header of "Pragma: no-cache"
The latter 2 provide a successful logon and the application functions as expected.
Reading link text section 14.32 states:
The Pragma general-header field is used to include implementation-specific directives that might apply to any recipient along the request/response chain. All pragma directives specify optional behavior from the viewpoint of the protocol; however, some systems MAY require that behavior be consistent with the directives.
Pragma = "Pragma" ":" 1#pragma-directive
pragma-directive = "no-cache" | extension-pragma
extension-pragma = token [ "=" ( token | quoted-string ) ]
When the no-cache directive is present in a request message, an application SHOULD forward the request toward the origin server even if it has a cached copy of what is being requested. This pragma directive has the same semantics as the no-cache cache-directive (see section 14.9) and is defined here for backward compatibility with HTTP/1.0. Clients SHOULD include both header fields when a no-cache request is sent to a server not known to be HTTP/1.1 compliant.
Pragma directives MUST be passed through by a proxy or gateway application, regardless of their significance to that application, since the directives might be applicable to all recipients along the request/response chain. It is not possible to specify a pragma for a specific recipient; however, any pragma directive not relevant to a recipient SHOULD be ignored by that recipient.
HTTP/1.1 caches SHOULD treat "Pragma: no-cache" as if the client had sent "Cache-Control: no-cache". No new Pragma directives will be defined in HTTP.
Note: because the meaning of "Pragma: no-cache" as a response header field is not actually specified, it does not provide a reliable replacement for "Cache-Control: no-cache" in a response.
Why would the client browser use "Cache-Control" with SSL connections and "Pragma" with non-SSL connections? This seems to be consistent with IE10/Firefox/Chrome/Opera.
Thoughts?
- nitass, Jun 05, 2015, Employee: Anyway, I think caching should not affect the login process, should it?
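An added example, not part of the thread or of the quoted specification: a Python sketch that parses request `Pragma` and `Cache-Control` values using the directive grammar quoted in the post, then checks whether the three captures differ in cache semantics or only in spelling. The function names are hypothetical and the header sets are constructed from the three scenarios the post describes.

```python
import re

# Constructed request headers mirroring the three captures described in the post.
CAPTURES = {
    "VS x.x.x.x:443": {"Cache-Control": "no-cache"},
    "VS x.x.x.x:80": {"Pragma": "no-cache"},
    "back-end y.y.y.y:8080": {"Pragma": "no-cache"},
}

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# directive = token [ "=" ( token | quoted-string ) ], followed by "," or end of value
DIRECTIVE = re.compile(rf'\s*({TOKEN})(?:\s*=\s*({TOKEN}|"(?:[^"\\]|\\.)*"))?\s*(?:,|$)')
SKIP = re.compile(r"[\s,]*")  # list rules tolerate empty elements and extra whitespace

def parse_directives(value):
    """Parse a comma-separated directive list into {name: argument or None}."""
    out, pos = {}, 0
    while True:
        pos = SKIP.match(value, pos).end()
        if pos == len(value):
            return out
        m = DIRECTIVE.match(value, pos)
        if not m:
            raise ValueError(f"malformed directive at offset {pos}: {value!r}")
        arg = m.group(2)
        if arg and arg.startswith('"'):
            arg = re.sub(r"\\(.)", r"\1", arg[1:-1])  # unquote quoted-string
        out[m.group(1).lower()] = arg
        pos = m.end()

def demands_fresh_response(headers):
    """True if the request tells caches to go back to the origin server.

    Applies the quoted rule that HTTP/1.1 caches SHOULD treat
    "Pragma: no-cache" as if the client had sent "Cache-Control: no-cache".
    """
    h = {k.lower(): v for k, v in headers.items()}
    return ("no-cache" in parse_directives(h.get("cache-control", ""))
            or "no-cache" in parse_directives(h.get("pragma", "")))

def compare(captures):
    """Return (do the literal headers differ?, cache semantics per capture)."""
    literal = {tuple(sorted((k.lower(), v) for k, v in h.items()))
               for h in captures.values()}
    semantics = {name: demands_fresh_response(h) for name, h in captures.items()}
    return len(literal) > 1, semantics

if __name__ == "__main__":
    differs, semantics = compare(CAPTURES)
    print("literal headers differ:", differs)
    for name, fresh in semantics.items():
        print(f"{name}: no-cache semantics = {fresh}")
```

A component that compares the header name literally instead of applying this equivalence would see the 443 capture as different from the other two even though the cache semantics match.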