[Zope-dev] Re: CookieCrumbler and MSIE using HTTPS

Shane Hathaway shane@zope.com
Tue, 01 Jul 2003 13:00:02 -0400


[I'm sending this to the zope-dev in the hope that Eric sees this. 
Eric, the mail relay at univ-savoie.fs is misconfigured; it rejects all 
mail from zope.com.]

Eric Brun wrote:
> The problem is describe on microsoft site : 
> http://support.microsoft.com/default.aspx?scid->http://support.microsoft.com:80/support/kb/articles/q316/4/31.asp&NoWebContent->1
> 
> I resolve it like that :
> 
> resp.setHeader('Cache-Control','max-age->1')
> against
> resp.setHeader('Cache-Control','no-cache')
> 
> What do you think of that ?

Unfortunately, max-age=1 means that caches *are* allowed to store the
response, if only for a short time.  That could be a hazard, since it
would result in *more* caching than we have now.  The bug is in Internet
Explorer, but MS refuses to acknowledge it.  "Saving" a file is not the
same as "caching" a file, but the API thinks they are the same.

To give you a partial solution, I just checked in a version of CC that
lets you set the Cache-Control header value.  That way you can solve the
problem however you want.  It's probably best to disable the header in
your case.

Shane