Thursday, December 03, 2009

HTTP 1.1 caching directives for dummies and caching problems for old versions of Internet Explorer.

The reason why I published this link is because a coworker had a problem with viewing a PDF on IE6 when the cache was set to no-store over https.

The problem does not happen with Internet Explorer 7 or above or with Firefox, but the old IEs fail to retrieve the files when the cache directive is no-store or no-cache.

More on this:

Internet Explorer file downloads over SSL do not work with the cache control headers

Unable to Open or Run Files if "Cache-Control: No Store" Header Set

and

Prevent caching when you download active documents over SSL


And another good read on caches on the web:

Caching Tutorial for Web Authors and Webmasters


Monday, April 09, 2007

Forms authentication and client caching in ASP.NET 1.1

We got really sad news today, the type of news that makes you have a sustained stomachache for a few days.
I'm not going to blog about the way my stomach feels but to remind myself that I like what I do and this is not just a job, it's a pleasure.


The Problem:

One of our web projects uses Forms authentication.
After the authentication process we create an encrypted ticket,
create the cookie that will be used by the FormsAuthentication
provider and redirect to the requested page:

    ' Build the ticket (valid for 60 minutes) and encrypt it
    Dim authTix As New FormsAuthenticationTicket(1, UserName, DateTime.Now, _
        DateTime.Now.AddMinutes(60), isCookiePersistent, UserData)
    Dim encryptedTix As String = FormsAuthentication.Encrypt(authTix)

    ' Store the encrypted ticket in the forms authentication cookie
    Dim authCookie As New HttpCookie(FormsAuthentication.FormsCookieName, encryptedTix)
    authCookie.Expires = authTix.Expiration

    Context.Response.Cookies.Add(authCookie)
    FormsAuthentication.RedirectFromLoginPage(UserName, False)



During user logout we clear the session, call
FormsAuthentication.SignOut() and redirect the user to the login page.

We had, however, an odd behavior. After the user had logged out of the
application, he could, by clicking the back button in the same browser
window, navigate to the previous pages he had opened. These pages were in
the secure area. These pages were not requested from the server (the
requests did not hit the server), so I presumed the user was seeing cached
pages in the browser.


The Solution:
Call
Context.Response.Cache.SetNoStore()
on all the secure pages that shouldn't be cached.
For more info on the framework class HttpCacheability go to MSDN

For more info on Cache-Control Headers on HTTP 1.1 go here


The Side Effect Problem:

It seems IE does not store the file in its Temporary Internet Files folder whenever the server specifies the "no-store" HTTP cache directive; as a consequence, it cannot feed Acrobat, Excel or whatever external application with the output of your page. If the application generates Excel or PDF reports on the fly, they will fail with an error if the HTTP directive is sent in the response.


http://support.microsoft.com/kb/243717/en-us



The Second Solution:
Remove this cache header whenever you need to send the client a file to be opened in the browser.
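
One way to combine the two solutions above, as an added example (not code from the original project): a base class for secure pages that sends no-store by default and lets report pages opt out. The names SecurePage, SendsFileToExternalViewer and PdfReportPage are assumptions, and using HttpCacheability.Private for the download case is this example's choice, not something stated in the Microsoft articles linked above.

```vb
Imports System
Imports System.Web
Imports System.Web.UI

' Hypothetical base class: every page in the secure area inherits from it
' instead of System.Web.UI.Page.
Public Class SecurePage
    Inherits Page

    ' Pages that stream a PDF/Excel file to an external viewer override this
    ' and return True. Default: treat the page as sensitive HTML.
    Protected Overridable ReadOnly Property SendsFileToExternalViewer() As Boolean
        Get
            Return False
        End Get
    End Property

    Protected Overrides Sub OnInit(ByVal e As EventArgs)
        MyBase.OnInit(e)

        If SendsFileToExternalViewer Then
            ' Old IE versions must be able to write the file to the Temporary
            ' Internet Files folder before handing it to Acrobat or Excel, so
            ' no-store/no-cache cannot be sent here. "private" still keeps
            ' shared proxies from storing the response.
            ' Trade-off: the file stays in the local browser cache after logout.
            Response.Cache.SetCacheability(HttpCacheability.Private)
        Else
            ' Ordinary secure page: the back button after logout must not
            ' show a locally cached copy.
            Response.Cache.SetCacheability(HttpCacheability.NoCache)
            Response.Cache.SetNoStore()
        End If
    End Sub
End Class

' Hypothetical report page: only the opt-out is shown; the existing code that
' sets Response.ContentType and writes the report bytes stays as it is.
Public Class PdfReportPage
    Inherits SecurePage

    Protected Overrides ReadOnly Property SendsFileToExternalViewer() As Boolean
        Get
            Return True
        End Get
    End Property
End Class
```

The decision is made before any cache header is set because the cache policy offers no call to take a no-store setting back once it has been applied to the response.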
