Cache, IE6 and Tomcat authentication

Coordinator
Nov 4, 2009 at 2:00 PM
Edited Nov 4, 2009 at 3:57 PM

When IE6 receives a file read by a plugin, IE put the file in the cache and call the plugin. If the header Pragma is set to No-cache or Cache-control to no-cache, there is no file. When Tomcat authenticates a user, it adds these headers. So... the user cannot see the content of the file. The result is the same with or without SSL or https.
You can change the behavior of Tomcat with the parameters disableCachingProxy and securePagesWithPragm. They are defined in the class AuthenticatorBase of tomcat.
You have two solutions:
1) You can add the option securePageWithPragma="false" to the definition of the Valve SSPAuthenticator, so the header Cache-control is set to private.
2) You can add the option disableCachingProxy ="false" to the definition of the Valve SSPAuthenticator, so tomcat does not add these heders. Your application can, of couse, add the headers like you need.

In the case 1) you change the definition to: <Valve className="fr.doume.authenticator.SSPAuthenticator" securePageWithPragma="false" /> if you use the dll or <Valve className="fr.doume.v2.authenticator.SSPAuthenticator" securePageWithPragma="false" /> if you use the service negoserver.
In the case 2) you change the definition to: <Valve className="fr.doume.authenticator.SSPAuthenticator" disableProxyCaching="false" /> if you use the dll or <Valve className="fr.doume.v2.authenticator.SSPAuthenticator" disableProxyCaching="false" /> if you use the service negoserver.

With IE8 or Firefox, you have not this difficulty.

Domnique Guerin