Dear Mozilla Team, How can i prevent a page being viewed from cache from "Work Offline" mode after user is logged out? We are working on Java technologies.
Dear Team,
We are working on bank application where security is primary concern (but obvious).
In Firefox, following scenario is security leak.
1. User logged in using normal online mode and do the transaction and logged out. 2. Another user takes the browser, goes to "Work Offline" mode. 3. From history, another user can access all the pages first user accessed.
Please revert on urgent basis.
Všetky odpovede (7)
You can have Firefox clear the history, when closing. See:
Note that Firefox will disable the disk cache entirely if you use "Clear history when Firefox closes" to clear the cache (see about:cache this is missing the disk cache section in this case).
It would be best to use Private Browsing mode to visit websites from which you do not want to keep history.
Dear All,
Thanks for the reply.
As informed, we are working on Bank application. So end users can be anyone. Hence we cannot force our user to do so.
Is there any possibility to disable "Work Offline" option ?? Or prevent a page from being accessed from cache in "Work Offline" mode ?
Thanks
Alpesh
Is there any possibility to disable "Work Offline" option ?
Not from your end, only the user can changes prefs like that.
Is there a reason that you can't use no cache for those pages?
Or check with Java about how to not use the "Offline Web Content" cache with Java?
You can probably do this by requesting all data via an XMLHttpRequest, so that only the page with the JavaScript code is cached, but not the actual data.
Dear cor-el,
In bank application, we are not allowed to use such javascript objects to flow. We are using JSP as a view.
Any particular suggestion for Java ?
Thanks
Dear the-edmeister,
We are using following code in HTML to prevent it from being cached. But its not working out.
<meta http-equiv="cache-control" content="no-cache" /> <meta http-equiv="expires" content="0" /> <meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" /> <meta http-equiv="pragma" content="no-cache" /> </head>
Thanks
Upravil(a) cor-el dňa