0

We want the web server to return the following HTTP headers in all responses containing sensitive content:

Cache-Control: no-store
Pragma: no-cache

We are using Tomcat server version 6.0.

Please suggest where we have to make changes.

skaffman
user735566
    http://stackoverflow.com/questions/2563344/how-to-add-response-headers-based-on-content-type-getting-content-type-before-t – Michael Mar 01 '12 at 14:52

2 Answers

1

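A servlet filter like this should help:

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

public class ResourceCacheFilter implements Filter {
    public void init(FilterConfig filterConfig) {} // Servlet 2.5 (Tomcat 6) requires init() and destroy()
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        // Set the headers before invoking the chain so they are in place before the response is committed
        res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate, post-check=0, pre-check=0");
        res.setHeader("Pragma", "no-cache");
        chain.doFilter(request, response);
    }
    public void destroy() {}
}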
alexkasko
  • When I added this and added the filter URL mapping in web.xml, but myClientapp /* CacheManagerFilter *.jsp this is causing a problem. When I add the filter manager all pages become blank; if I remove it then the pages load. How to resolve this issue? – Sadanand May 22 '14 at 04:17
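
One way to register the filter from the answer above in a Tomcat 6 (Servlet 2.5) deployment descriptor, as an added example that is not part of the original answer. The package name `com.example.web` and the URL patterns are assumptions; substitute the paths that actually serve sensitive content.

```xml
<!-- WEB-INF/web.xml (Servlet 2.5, the version Tomcat 6 implements) -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- Declare the filter once. The class name matches the answer above;
       the package is a placeholder (assumption). -->
  <filter>
    <filter-name>ResourceCacheFilter</filter-name>
    <filter-class>com.example.web.ResourceCacheFilter</filter-class>
  </filter>

  <!-- Map it only to the paths that return sensitive content, so static
       assets stay cacheable. Both patterns are placeholders (assumption).
       Filters run in the order their mappings appear in this file, so keep
       this mapping ahead of any filter that may commit the response. -->
  <filter-mapping>
    <filter-name>ResourceCacheFilter</filter-name>
    <url-pattern>/account/*</url-pattern>
    <url-pattern>/admin/*</url-pattern>
    <!-- REQUEST is the default dispatcher; FORWARD also covers pages
         reached through RequestDispatcher.forward(). -->
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
  </filter-mapping>

</web-app>
```
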
0

Depending on your security constraint, you can set up a Tomcat valve to have securePagesWithPragma set to true (default), which would set the headers as you requested. Please refer to the Tomcat6 Valve Documentation for further details, and also Tomcat: Cache-Control.

Community