[Zope-dev] Re: CookieCrumbler and MSIE using HTTPS
Shane Hathaway
shane@zope.com
Tue, 01 Jul 2003 13:00:02 -0400
[I'm sending this to the zope-dev in the hope that Eric sees this.
Eric, the mail relay at univ-savoie.fs is misconfigured; it rejects all
mail from zope.com.]
Eric Brun wrote:
> The problem is describe on microsoft site :
> http://support.microsoft.com/default.aspx?scid->http://support.microsoft.com:80/support/kb/articles/q316/4/31.asp&NoWebContent->1
>
> I resolve it like that :
>
> resp.setHeader('Cache-Control','max-age->1')
> against
> resp.setHeader('Cache-Control','no-cache')
>
> What do you think of that ?
Unfortunately, max-age=1 means that caches *are* allowed to store the
response, if only for a short time. That could be a hazard, since it
would result in *more* caching than we have now. The bug is in Internet
Explorer, but MS refuses to acknowledge it. "Saving" a file is not the
same as "caching" a file, but the API thinks they are the same.
To give you a partial solution, I just checked in a version of CC that
lets you set the Cache-Control header value. That way you can solve the
problem however you want. It's probably best to disable the header in
your case.
Shane