David Hay
IE does not seem to conform to the cache-control: no-store directive as
defined in RFC 2068.
The RFC says:
The purpose of the no-store directive is to prevent the inadvertent release
or retention of sensitive information (for example, on backup tapes). The
no-store directive applies to the entire message, and may be sent either in
a response or in a request. If sent in a request, a cache MUST NOT store any
part of either this request or any response to it. If sent in a response, a
cache MUST NOT store any part of either this response or the request that
elicited it.
When a form is posted to a page that responds with the no-store directive,
IE does not cache the response page (good), but a user can refresh the page
and IE will post the original form data used to request the page (bad).
This latter behaviour does not conform with the RFC because IE has cached the
request that elicited the page.
Has anyone had any experience with this behaviour, or have I missed the
point of the RFC?
David
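
The case described in the post, as an added example that is not part of the original post: a small WSGI app, called in-process with constructed form data, that answers a POST with `Cache-Control: no-store` directly, next to a redirect-after-POST variant in which the page the user can refresh is reached by a GET carrying no form data. This goes beyond the question asked; the routes `/login-plain`, `/login-prg` and `/result` and the helper `call` are hypothetical names.

```python
import io
import secrets
from urllib.parse import parse_qs

NO_STORE = ("Cache-Control", "no-store")
RESULTS = {}  # one-time server-side results keyed by random token (demo store)

def app(environ, start_response):
    method, path = environ["REQUEST_METHOD"], environ["PATH_INFO"]
    if method == "POST":
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
        user = form.get("user", [""])[0]
        if path == "/login-plain":
            # Case from the post: the page shown is itself the POST response,
            # so refreshing it means repeating the POST with its form data.
            start_response("200 OK", [NO_STORE, ("Content-Type", "text/plain")])
            return [f"hello {user}".encode()]
        if path == "/login-prg":
            # Redirect after POST: the browser follows the 303 with a GET,
            # so the refreshable page was not requested with form data.
            token = secrets.token_urlsafe(16)
            RESULTS[token] = user
            start_response("303 See Other",
                           [NO_STORE, ("Location", f"/result?t={token}")])
            return [b""]
    if method == "GET" and path == "/result":
        token = parse_qs(environ.get("QUERY_STRING", "")).get("t", [""])[0]
        user = RESULTS.pop(token, None)  # token is single use
        if user is not None:
            start_response("200 OK", [NO_STORE, ("Content-Type", "text/plain")])
            return [f"hello {user}".encode()]
    start_response("404 Not Found", [NO_STORE, ("Content-Type", "text/plain")])
    return [b"not found"]

def call(method, path, body=b"", query=""):
    """Drive the app without a socket; returns (status, headers, body)."""
    seen = {}
    def start_response(status, headers):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "QUERY_STRING": query, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    out = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], out

if __name__ == "__main__":
    sample = b"user=alice&pw=constructed"  # constructed form data
    print(call("POST", "/login-plain", sample))
    print(call("POST", "/login-prg", sample))
```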