Force No Cache on Response
Problem this snippet solves:
The problem is that Google Chrome will cache, in the current sessions memory only, responses which have had the no-cache directive applied. This means that after a user logs out of an application and walks away, another user can come up to the computer, press the back arrow and potentially see private information. The way round this is to use the no-store directive with a couple of other headers thrown in for good measure. V simple iRule below.
Code :
when HTTP_RESPONSE { # The purpose of this iRule event processing is to force no-store so that browsers will not store this content # which would enable users to hit the 'back' button, even after a logout, and potentially see customer PII if {[HTTP::header Content-Type] contains "html"} { HTTP::header insert Pragma "no-cache" HTTP::header insert Expires "Fri, 01 Jan 1990 00:00:00 GMT" HTTP::header replace Cache-Control "no-cache,no-store,must-revalidate" } }
Published Mar 17, 2015
Version 1.0CodeCentral_194
Cirrus
Joined May 05, 2019
CodeCentral_194
Cirrus
Joined May 05, 2019
No CommentsBe the first to comment