Subject: Preventing Caching
Mark Nottingham provided a pointer to his web page on HTTP caching.

http://www.mnot.net/cache_docs/

Naturally it is intended to deal primarily with the most common case of Browser to Server HTML content using HTTP GET Req/Resp.

1. Note that only responses are cached.
2. SSL/TLS traffic is not cached.
3. Traffic with auth headers or cookies is usually not cached.
4. POST responses are not cached.

For these reasons, a SOAP message sent over HTTP with a POST method is unlikely to be cached even if no special steps are taken to suppress caching. Obviously a SAML Assertion carried in a POST message will never be cached.

On the principle of using belt and suspenders, SAML nodes SHOULD do the following:

Clients:
  HTTP Headers
    - Cache-Control: no-cache, no-store
  HTML Pragma
    - no-cache

Servers:
  HTTP Headers
    - No validator on the response (Last-Modified or ETag header)
    - Cache-Control: no-cache, no-store, must-revalidate, private
  HTML Pragma
    - no-cache

Hal
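
Added example, not part of the original message: a Python check that audits a set of HTTP headers against the client and server lists above. It covers only the HTTP header items, not the HTML Pragma item; the function names and the sample headers are constructed for illustration.

```python
import re

# Cache-Control directives the message lists for each role.
REQUIRED = {
    "client": {"no-cache", "no-store"},
    "server": {"no-cache", "no-store", "must-revalidate", "private"},
}
VALIDATORS = ("last-modified", "etag")  # servers should send neither


def cache_directives(headers):
    """Collect Cache-Control directive names from (name, value) pairs."""
    found = set()
    for name, value in headers:
        if name.strip().lower() != "cache-control":
            continue  # header names are case-insensitive
        # Blank out quoted arguments so commas inside them do not split.
        value = re.sub(r'"(?:[^"\\]|\\.)*"', '""', value)
        for item in value.split(","):
            directive = item.split("=", 1)[0].strip().lower()
            if directive:
                found.add(directive)
    return found


def audit(role, headers):
    """Return findings for role 'client' or 'server'; empty means compliant."""
    missing = REQUIRED[role] - cache_directives(headers)
    findings = [f"Cache-Control lacks {d}" for d in sorted(missing)]
    if role == "server":
        findings += [f"validator present: {name}" for name, _ in headers
                     if name.strip().lower() in VALIDATORS]
    return findings


# Constructed sample responses (not captured traffic).
WEAK_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Cache-Control", "private, max-age=0"),
    ("ETag", '"abc123"'),
]
STRICT_RESPONSE = [
    ("Content-Type", "text/html"),
    ("cache-control", "no-cache, no-store"),   # split across two lines
    ("Cache-Control", "must-revalidate, private"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_RESPONSE), ("strict", STRICT_RESPONSE)):
        print(label, audit("server", hdrs) or "ok")
```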