Prevent browser from caching session id

Question

I am trying to make our web application more secure. So, want to prevent browser from caching session id of the application.

Our index.html already has meta tags as follows:

<meta http-equiv="Pragma" content="no-cache, no-store">
<meta http-equiv="Expires" content="-1">

But, this is not just sufficient.

Tried to include some other meta tags like:

<meta http-equiv="CACHE-CONTROL" content="NO-CACHE" />
<meta http-equiv="Expires" content="0">

but not able to achieve it.

Can any one help me with some other possible solution.

Gangadhar, when you say "but not able to achieve it", what do you mean? What's the problem, exactly? — Slava Imeshev, May 03 '16 at 03:06

score 0 · Answer 1 · edited May 23 '17 at 10:28

0

please try setting response on server side. In java you can write this

response.setHeader("Pragma", "no-cache");
    response.setHeader("Cache-Control", "no-store");
    response.setHeader("Expires", "0");
    response.setDateHeader("Expires", -1);
    response.setBufferSize(0);

Also, please refer here(HTTP response caching)

edited May 23 '17 at 10:28

Community

1
1

answered Apr 28 '16 at 05:49

Shatayu Darbhe

797
1
7
13

Prevent browser from caching session id

1 Answers1