4 messages in org.apache.tomcat.devRE: Apache+SSL+mod_jk cache control h...| From | Sent On | Attachments |
|---|---|---|
| Vincent Royer | Feb 27, 2002 2:12 am | |
| GOMEZ Henri | Feb 27, 2002 2:21 am | |
| Vincent Royer | Feb 27, 2002 5:17 am | |
| GOMEZ Henri | Feb 28, 2002 12:30 am |
| Subject: | RE: Apache+SSL+mod_jk cache control headers issue | |
|---|---|---|
| From: | Vincent Royer (vro...@althes.fr) | |
| Date: | Feb 27, 2002 5:17:24 am | |
| List: | org.apache.tomcat.dev | |
-----Message d'origine----- De : GOMEZ Henri [mailto:hgo...@slib.fr] Envoyé : mercredi 27 février 2002 11:22 À : Tomcat Developers List Objet : RE: Apache+SSL+mod_jk cache control headers issue
I can't download pdf,doc,xls ... file with IE through an HTTPS+BasicAuth connexion. IE----SSL+Basic Auth------>Apache+mod_jk------------ajp13-------->tomcat4.0.2
I got an error as described in http://support.microsoft.com/default.aspx?scid=kb;EN-US;q196505.
There is real problem with IE in SSL mode, and particulary downloading pdf document where you have to play with headers between IE 4, IE 5 and IE 6.
This is due to HTTP cache control headers returned by tomcat. When a page is downloaded with an authentication, the HTTP server set cache control headers (Pragma, Cache-Control, Expires) to avoid proxies to cache the page.In such case, this gives something like that :
HTTP/1.1 200 OK Content-Type: application/pdf Content-Length: 111219 Date: Tue, 26 Feb 2002 16:20:32 GMT Pragma: No-cache Server: Apache Tomcat/4.0.2 (HTTP/1.1 Connector) Cache-Control: no-cache Last-Modified: Tue, 26 Feb 2002 16:13:27 GMT ETag: "111219-1014740007000" Expires: Thu, 01 Jan 1970 00:00:00 GMT
When the page is downloaded through an HTTPS connexions, those cache control headers are not more needed because the document is encrypted ! Through the mod_jk connector (even with JkExtractSSL directive), tomcat always set cache control headers when Authentication is done.
I have done some tests with Apache. Cache control headers are not set when using SSL and Authentication and I have no problem with IE to download .pdf, .doc etc ... So, there might be something to correct in the Ajp13 connector...
Yes, we have to detect we're on a secure connection and remove the cache control headers. Seems to be implemented in Tomcat rather in mod_jk/ajp13 since the same behaviour is required in java http connector in secure mode.
Could you try to use mod_jk from jakarta-tomcat-connectors against TC 3.3 and TC 4.0.2 ?
I have done those tests whith tomcat 4.0.2. I'm going to try with tomcat-3.3 ... bye.
-- To unsubscribe, e-mail:
<mailto:tomc...@jakarta.apache.org> For additional commands, e-mail: <mailto:tomc...@jakarta.apache.org>
*---------------------------------------------------------------* * Cet e-mail et toutes les pièces jointes sont destinés aux * * seules personnes auxquelles ils sont spécifiquement adressés * * et n'engagent que le signataire de ces documents et non la * * structure dont il dépend. * * Leur existence et leur contenu ont un caractère confidentiel. * * Toute utilisation ou diffusion non autorisée est interdite. * * Si vous avez reçu cet e-mail ou si vous détenez sans en être * * le destinataire, nous vous demandons de bien vouloir nous en * * informer immédiatement. * * Cette note assure que ce message a été contrôlé et ne * * comprenait aucun virus connu à ce jour, néanmoins tout * * message électronique est susceptible d'altération. * * Nous déclinons toute responsabilité au titre de ce message * * s'il a été altéré, déformé ou falsifié. * *---------------------------------------------------------------*