* make the cookie failure page non-cacheable.

diff --git a/webcit/context_loop.c b/webcit/context_loop.c
index a3b47acad173a49913fd3590af4bce3a2d97bb69..507ff9e767d1823d46139685ae09ce6403382267 100644 (file)
--- a/webcit/context_loop.c
+++ b/webcit/context_loop.c
@@ -543,8 +543,10 @@ void context_loop(ParsedHttpHdrs *Hdr)
                TheSession = CreateSession(1, &SessionList, Hdr, &SessionListMutex);
 
                if ((StrLength(Hdr->c_username) == 0) &&
-                   (!Hdr->HR.DontNeedAuth))
+                   (!Hdr->HR.DontNeedAuth)) {
                        OverrideRequest(Hdr, HKEY("GET /static/nocookies.html?force_close_session=yes HTTP/1.0"));
+                       Hdr->HR.prohibit_caching = 1;
+               }
                
                if (StrLength(Hdr->c_language) > 0) {
                        lprintf(9, "Session cookie requests language '%s'\n", ChrPtr(Hdr->c_language));

diff --git a/webcit/tcp_sockets.c b/webcit/tcp_sockets.c
index aeafad4e563e34c1d09878fa2c976fb869028930..282e2f534a238cce232ddb0dc759d88a1d6b6cf4 100644 (file)
--- a/webcit/tcp_sockets.c
+++ b/webcit/tcp_sockets.c
@@ -595,6 +595,8 @@ long end_burst(void)
                hprintf("Content-encoding: gzip\r\n");
        }
 
+       if (WCC->Hdr->HR.prohibit_caching)
+               hprintf("Pragma: no-cache\r\nCache-Control: no-store\r\nExpires:-1\r\n");
        hprintf("Content-length: %d\r\n\r\n", StrLength(WCC->WBuf));
 
        ptr = ChrPtr(WCC->HBuf);

diff --git a/webcit/webcit.h b/webcit/webcit.h
index 36f763077cc8cfa195373093bb3350e2a812ae40..b65b29d274b458ce1a5102ff65b9725a5a1d0411 100644 (file)
--- a/webcit/webcit.h
+++ b/webcit/webcit.h
@@ -414,6 +414,7 @@ typedef struct _HdrRefs {
        long ContentLength;
        time_t if_modified_since;
        int gzip_ok;                            /**< Nonzero if Accept-encoding: gzip */
+       int prohibit_caching;
 
        /* these are references into Hdr->HTTPHeaders, so we don't need to free them. */
        StrBuf *ContentType;