Question

4
Replies
2883
Views
Close popover
Senthilraj Sellappandi (SenthilrajS)
BNY Mellon

BNY Mellon
IN
View Profile Send Message
SenthilrajS Member since 2012 1 post
BNY Mellon
Posted: July 11, 2016
Last activity: August 9, 2016
Closed

Browser cache control

I have a requirement that application should not save sensitive data to browser's local cache.

 

I can see from response headers that Cache-Control is set max-age=0. But still application responses are getting stored in Temporary Internet Files folder. I don't want the response to be stored in Temporary Internet Files.

 

I tried the settings <env name="initialization/DefaultCachingTimeout" value="0" /> which I found in PDN. But it is not working.

 

Is there a way to control browser cache in pega?

***Updated by moderator: Marissa. Removed user added Ask the Expert & #Helpme tags. Apologies for confusion, shouldn't have been an end-user option.***

Security
Close popover
Moderation Team has archived post,
Close popover This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.
Posted: 4 years ago
Close popover
Harish Gunneri (Harish_GCS)
PEGA
Senior Software Solutions Engineer
Pegasystems Inc.
US
View Profile Send Message

Hi Senthil,


Can you try the below setting and let us know if it's of any help ?


<env name="http/UseNoCacheHeaders" value="true"/>


This setting is used to prevent dynamic content from being cached on the client machine. The default for this setting is false, meaning that the dynamic content will be cached on the client machine. When this entry is set to true, the dynamic content sent to the client will not only be set to expire immediately, but also will not be cached.


 


 

Posted: 4 years ago
Close popover
Santanu Bhattacherjee (Santanu)
PEGA
Manager CRM - Field Service
Pegasystems Inc.
IN
View Profile Send Message

Hello


Ideally this work. If it is not working then try the following :


1. Clear your server side cache and restart your server. This can  ensure that the changes on prconfig is picked by system and fresh cache gets built


2.Client side, clear the browser cache.


3. Then access your application and try loading some static contents. Check whether your static content files exists or not.

Posted: 4 years ago
Close popover
Senthilraj Sellappandi (SenthilrajS)
BNY Mellon

BNY Mellon
IN
View Profile Send Message

We applied the settings <env name="http/UseNoCacheHeaders" value="true"/> and tested. 


We can see that now header Cache-Control: no-cache is added to the response and works in IE. But our internal risk management team tested it and informed that this setting will not work in all the browsers. And they suggested to include the following in header:


Cache-Control: no-cache; no-store, must-revalidate, private 


Is there any way in pega to added the above values in response header?
Share this page Share via LinkedIn Copying...
Copied!