ONJava.com -- The Independent Source for Enterprise Java
oreilly.comSafari Books Online.Conferences.

advertisement

ONJava Topics
All Articles
Best Practices
Enterprise JavaBeans
Java and XML
Java Data Objects
Java EE (Enterprise)
Java IDE Tools
Java Media
Java SE (Standard)
Java Security
Java SysAdmin
JDO/JDBC/SQLJ
JSP and Servlets
Open Source Java
P2P Java
Web Services
Wireless Java

AddThis Social Bookmark Button
Article:
  Two Servlet Filters Every Web Application Should Have
Subject:   Caching with Tomcat Authentication
Date:   2007-04-18 20:37:41
From:   DETurner
I've seen a few blogs/comments floating about the web regarding Cache-Control: no-cache and Pragma: no-cache headers being attached to every HTTP response from Tomcat. This is particularly bad for users of IE; it will end up ignoring all caching (every GET request returning a complete 200 response with content, because it doesn't request with a If-Modified-Since date).


I've discovered this may largely be due to using any form of web-app authentication in T5.5, which appends these headers to all responses under the authentication path to prevent them being cached (see: AuthenticatorBase).


To avoid this issue, set the following in your web-app context.xml for whichever authentication method you're using:

<Valve className="org.apache.catalina.authenticator.FormAuthenticator"

		securePagesWithPragma="false" />


This will instead use Cache-Control: private which is recognised by IE correctly, and it will send a proper If-Modified-Since header back when next requesting that resource. This will usually mean Tomcat will return a 304 (Not-Modified) response for all your static image/script/css/html/etc resources!


Recommended for You