I'm a member of an interest list called jserv-interest, which discusses server side Java issues. About once a month, someone asks the question: "How do I stop the browser from caching a response?" Here's my (now-stock) answer:
First - understand that the browser can do anything it wants. All you can do is send advisory messages. So, DON'T RELY ON THIS EXCLUSIVELY. This isn't a security mechanism - it might work, but that's all you know.
Second, every time someone asks this question, people always post answers which contain information about Pragma: no-cache and Cache-Control: no-cache header fields. The problem is that the first of these is apparently intended as a request modifier, not a response modifier, and the second is an HTTP/1.1 only command. So - that means that Pragma: no-cache is not useful on the server side, and Cache-Control: no-cache will not effect any HTTP/1.0 browsers.
So, how to do it? The best way by far is to define an Expires: header field, which has a date/time that is equal to that exact moment (i.e., the value of the Date field). Defining it in the past may cause incorrect functioning in some browsers, since it's obviously an invalid date.
"But wait" someone inevitably says, "how can I do this for static files then?" The answer is you shouldn't - there's a reason why caches exist, after all...
This page last updated
This page has been accessed
times since Feb 22, 1998.