Even a chimp can write code

Thursday, April 22, 2004

How not to cache a page

The reason I am smiling right now is I got around this one. Otherwise there was a whole lot of hair left to tear out. My problem was simple: why does this doggone page remain accessible even after I log out? I was quite sure that the security-constraint for my web resources was properly configured (it showed me the login page when I first tried to access secure resources, afterall). A few trace statements later it dawned on me. It was all Intenet Explorer's doing! The gods at Microsoft weren't smiling at me today and that was why this infernal contraption was acting out.

So the problem boiled down to this: my LogoutAction [yes I am using Struts, that pile of stinking dogturd] was handling the session invalidation and cookie resets properly. I had followed the rules as I knew them, which meant including meta tags to my HTML head:

<META HTTP-EQUIV="Expires" CONTENT="-1">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">

And for added safety, setting the same attributes on the response object. And yet I could access a page that shouldn't be accessible to unauthenticated users. This meant that IE was plainly ignoring my meta directives. Or this may be a bug. One Google search later, I had the solution. It was goofy yet brilliant.

It seems "The Pragma statement up above sometimes fails in IE because of the way IE caches files. There is a 64K buffer that must be filled before a page is cached in IE. The problem is that the vast majority of the pages using the Pragma statement put it between the HEAD tags.
The HEAD loads and the Pragma comes into play. The browser gets the go ahead to not cache the page, however there is not yet a page to not cache. How's that for backwards logic? Since the page hasn't filled the 64K buffer, there's no page so the Pragma is ignored. Thus...the page is cached.

The solution is to play to the buffer. If you're really serious about the Pragma working, place another set of HEAD tags at the bottom of the document, before the end HTML tag and re-enter the Pragma."

So my layout page now ends like this:

</body>
<head>
<META HTTP-EQUIV="Expires" CONTENT="-1">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
</head>
</html>

So, who gets flogged for this?

Email this | Bookmark this