Skip to main content

Remove 'Pragma: No-cache', 'Cache-Control: no-cache' from response

9 replies [Last post]
fawzib
Offline
Joined: 2011-08-12
Points: 0

Glassfish is adding the 'Pragma: No-cache', 'Cache-Control: no-cache' to the response. Is there any configuration setting that I can set to stop Glassfish from doing it?

I have looked around and read about 'setCacheControl' but found no documentation/explanation for how to use it.
Also read about the context.xml but have not found examples on how to do this.

Could anyone give me an example on how to do this?

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
swchan2
Offline
Joined: 2005-03-29
Points: 0

For a plain jsp or servlet page, GlassFish does not the above headers.
Is it a page required authentication? Can you provide more details?

fawzib
Offline
Joined: 2011-08-12
Points: 0

swchan2 wrote:
For a plain jsp or servlet page, GlassFish does not the above headers.
Is it a page required authentication? Can you provide more details?

Yes, it is using a basic authentication (from a jdbc realm).

swchan2
Offline
Joined: 2005-03-29
Points: 0

The no-cache is added for authentication.
You may like to change to use form based login in this case.

swchan2
Offline
Joined: 2005-03-29
Points: 0

I have just checked those no-cache header are there for form based login. According to the comments in the code, these are for security purpose. So, this should not be disabled for security purposes.

fawzib
Offline
Joined: 2011-08-12
Points: 0

Well there is this bug report:

http://java.net/jira/browse/GLASSFISH-12493

So it means it should be possible, and it says its resolved. I added the context file like in the comments, using BasicAuthenticator instead of FormAuthenticator:


disableProxyCaching="false" >

But doesnt work, it also mentiuons the setControlCache in the domain.xml file but I found no howto anywhere. Thats why I'm asking here.

swchan2
Offline
Joined: 2005-03-29
Points: 0

I put the context.xml in META-INF of the war file and it works in GlassFish trunk.
However, it is insecure to set disableProxyCaching=false

fawzib
Offline
Joined: 2011-08-12
Points: 0

Maybe it would be insecure for a website like American Express or Paypal, but not for mine. :)

Question is trunk and the nightly builds the same?

swchan2
Offline
Joined: 2005-03-29
Points: 0

You can download the 4.0 promoted / nightly builds from http://glassfish.java.net/public/downloadsindex.html.

fawzib
Offline
Joined: 2011-08-12
Points: 0

Can't change it to form-based authentication. There must be a way to remove it somehow. When I install the war in jetty it doesn't happen and everything works ok.