I have two pages.
a.php
------
<?php
Header("Pragma: no-cache"); #HTTP 1.0
Header("Cache-control: private, no-cache, no-store");
Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
?>
<html>
<head>
<title>1st Page</title>
</head>
<body>
<p>
This is the first page.<br>
<a href="b.html">Click here</a> to go to the second page.
</p>
</body>
</html>
b.html
------
<html>
<head>
<meta http-equiv="cache-control" content="no-cache">
<title>2nd Page</title>
</head>
<body>
<p>
This is the second page.<br>
</p>
</body>
</html>
Then I try the following steps:-
1. Open http://[mysite]/a.php
2. Click the link on it to go to b.html.
3. Then click on "Work Offline" from the "File" menu of the browser.
4. Hit the back button.
I am expecting that on pressing the back button I shouldn't be able to get
a.php since caching was disabled.
When I try the above steps with Internet Explorer, I am unable to get back
a.php in "offline" mode. So this is OK.
But, when I try the above steps with Mozilla Firefox, I am able to get back
a.php in "offline" mode even though caching was disabled.
Why didn't Mozilla Firefox obey the directives in the HTTP Headers?
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire was recently named the worldwide market leader in Web
application security assessment tools by both Gartner and IDC.
Download a free trial of AppScan today and see why more customers choose
AppScan then any other solution. Try it today!
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008VnB
--------------------------------------------------------------------------
