W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 2002

HTTPS and cache on the client-side

From: Már Örlygsson <mar@anomy.net>
Date: Mon, 11 Feb 2002 11:05:15 +0000
To: http-wg@cuckoo.hpl.hp.com
Message-ID: <20020211110515.A9523@klaki.net>
Hi. I'm doing a research on client-side caching of web documents sent over
HTTPS - if (and how) web browsers respect "Cache-Control: (private)" and
valid "Expires" headers sent by the server over a secure connection.

I've searched the web extensively, but I've come up with very little
reliable information outside the fact that "HTTPS is simply HTTP served over
SSL" and some people second-guessing about browsers not caching HTTPS
documents at all...

Any authoriative information (or insight) would be most appreciated...
...and the development community could also benefit from this knowledge,
as it seems not to be readily available out there.


My problem:

I am part of a team developing a web-app served over HTTPS. The application
is split into several HTML frames (some with comletely static/generic
content) and there are several image files that are an essential part of the
design.

Since bandwidth-use and server-load is a big issue for us, we'd like to
cache as many of the pages/images as possible, while serving the whole
application over HTTPS, as we don't want the users (many of which are one
time users) confronted by dialog-windows notifying them about there being
"both secure *and* insecure items on the page"...



Cheers, and thanks in advance for anything you might be able to share.

-- 
Már Örlygsson
------------------------------
mailto:mar@anomy.net
http://mar.anomy.net
Received on Monday, 11 February 2002 12:45:08 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:45 EDT