Why is Chrome caching my login page?

by GaryBishop   Last Updated September 11, 2019 09:04 AM - source

Our literacy web site for kids with disabilities is causing some users issues with logging in. You can visit the site at http://tarheelreader.org/. If you login at https://tarheelreader.org/login/, and then go to the login page again you should see a logout message. But Chrome caches the page and returns the original login page instead. The headers are:

Cache-Control:no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Content-Type:text/html; charset=UTF-8
Date:Thu, 26 Jan 2017 22:55:55 GMT
Expires:Wed, 11 Jan 1984 05:00:00 GMT
Link:<https://tarheelreader.org/?p=110663>; rel=shortlink

Which are about every way I could find to say don't cache this page. But the network tab in the debugger shows the page coming from disk cache. If I disable the cache with the checkbox in the debugger things work as they should.

Update If I set the sandbox version of the site to use HTTPS only the problem goes away. Maybe it is something about the switching from HTTP to HTTPS and back?

Answers 1

no-cache is not as strong as no-store. Chrome's documentation indicates that no-cache indicates a re-usable document, while no-store indicates that it should not be re-used.

Based on this information, your Cache-Control header should simply be:

Cache-Control: no-store

The extra values in it may be letting Chrome pick and choose which it would like to honor.

Stephen Ostermiller
Stephen Ostermiller
January 27, 2017 00:18 AM

Related Questions

Why is this response being cached?

Updated July 28, 2016 08:01 AM

Google is not showing Cache Version of My site

Updated May 17, 2018 09:04 AM

Page content showing twice on the same page

Updated December 04, 2017 08:04 AM