• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Backtracking and Safari
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Backtracking and Safari


  • Subject: Re: Backtracking and Safari
  • From: Michael DeMan <email@hidden>
  • Date: Fri, 6 Jun 2008 03:25:17 -0700

Hi,

Ironically, I  just bumped into some back tracking issues as well.

Setting the appropriate headers in the response, plus adding the little iFrame per the apple FAQ works great for session based pages where a form has been submitted, and such, but does not work at all for direct actions.

Use case is something like:

(A) User goes to a DirectAction for a customer execute a purchase.

(B) Customer executes the purchase, a 'Thank You' page is returned (via pageWithName, session got created) and the session is terminated.

(C) In Safari, but not Thunderbird or IE6, the back up button allows anybody who comes to that computer to view the prior page, including credit card information.

I played a lot with even setting the page cache to zero, forcing a URL key/value pair on the link to the direct action, all to no avail.

Does anybody know a workaround for this?

If the user says has a field validation error, and additional pages are inserted between (A) and (B) above from reporting validations and having the user correct mistakes, those pages operate as expected, but even then, it is still possible for a determined user to back up all the way to the very first direct action page and see all the data on that original page. Seems maybe Safari is filling in the field values itself from some sort of local cache?

Thanks,

- mike

On Jun 6, 2008, at 12:24 AM, Joe Moreno wrote:

Chuck,

When I start wondering if Safari is caching a page or if it's my own bug I add something useless to the end of the URL (i.e. either server side or client side via JavaScript). Usually, I'll just tag on a key/value pair such as ?t=1212726377311 which is simply the time. To Safari, and any proxy servers, this appears as a new request.

- Joe


On Jun 3, 2008, at 17:24:12, Chuck Hill wrote:

Hi,

Safari, at least as of version 3.1.1 (5525.20) does not seem to respect the headers that control local page caching. The Safari FAQ claims to show how to do this:
http://developer.apple.com/internet/safari/faq.html#anchor5


Returning
last-modified = ("Wed, 04-Jun-2008 00:10:53 GMT");
cache-control = ("no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0");
expires = ("Mon, 26 Jul 1997 05:00:00 GMT");
date = ("Wed, 04-Jun-2008 00:10:53 GMT");
pragma = ("no-cache");


still results in Safari using the local cache instead of making a trip back to the server. The Web Inspector in Safari show that it is getting these headers, but it seems to ignore them. I have reported this to Apple.

Obviously, this has rather serious implications for those of use deploying dynamic web applications. The back button is hard enough to deal with when the browser works correctly!

Any suggestions for work arounds gratefully attempted.

Chuck







_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (email@hidden) Help/Unsubscribe/Update your Subscription: This email sent to email@hidden
References: 
 >Backtracking and Safari (From: Chuck Hill <email@hidden>)
 >Re: Backtracking and Safari (From: Joe Moreno <email@hidden>)

  • Prev by Date: Re: Backtracking and Safari
  • Next by Date: Re: ALCATRAZ! (Was: [OT] WOWODC Outing)
  • Previous by thread: Re: Backtracking and Safari
  • Next by thread: restricting qualifiers and join entities
  • Index(es):
    • Date
    • Thread