From: Wilfried Göesgens <willi@citadel.org>
Date: Mon, 1 Jun 2009 13:44:52 +0000 (+0000)
Subject: * make the cookie failure page non-cacheable.
X-Git-Tag: v7.86~1110
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=0e3d2a31e4cfccca04bca725b2fe84acd4f3adb2

* make the cookie failure page non-cacheable.
---

diff --git a/webcit/context_loop.c b/webcit/context_loop.c
index a3b47acad..507ff9e76 100644
--- a/webcit/context_loop.c
+++ b/webcit/context_loop.c
@@ -543,8 +543,10 @@ void context_loop(ParsedHttpHdrs *Hdr)
 		TheSession = CreateSession(1, &SessionList, Hdr, &SessionListMutex);
 
 		if ((StrLength(Hdr->c_username) == 0) &&
-		    (!Hdr->HR.DontNeedAuth))
+		    (!Hdr->HR.DontNeedAuth)) {
 			OverrideRequest(Hdr, HKEY("GET /static/nocookies.html?force_close_session=yes HTTP/1.0"));
+			Hdr->HR.prohibit_caching = 1;
+		}
 		
 		if (StrLength(Hdr->c_language) > 0) {
 			lprintf(9, "Session cookie requests language '%s'\n", ChrPtr(Hdr->c_language));
diff --git a/webcit/tcp_sockets.c b/webcit/tcp_sockets.c
index aeafad4e5..282e2f534 100644
--- a/webcit/tcp_sockets.c
+++ b/webcit/tcp_sockets.c
@@ -595,6 +595,8 @@ long end_burst(void)
 		hprintf("Content-encoding: gzip\r\n");
 	}
 
+	if (WCC->Hdr->HR.prohibit_caching)
+		hprintf("Pragma: no-cache\r\nCache-Control: no-store\r\nExpires:-1\r\n");
 	hprintf("Content-length: %d\r\n\r\n", StrLength(WCC->WBuf));
 
 	ptr = ChrPtr(WCC->HBuf);
diff --git a/webcit/webcit.h b/webcit/webcit.h
index 36f763077..b65b29d27 100644
--- a/webcit/webcit.h
+++ b/webcit/webcit.h
@@ -414,6 +414,7 @@ typedef struct _HdrRefs {
 	long ContentLength;
 	time_t if_modified_since;
 	int gzip_ok;				/**< Nonzero if Accept-encoding: gzip */
+	int prohibit_caching;
 
 	/* these are references into Hdr->HTTPHeaders, so we don't need to free them. */
 	StrBuf *ContentType;