<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=windows-1252">
</head>
<body smarttemplateinserted="true" bgcolor="#FFFFFF" text="#000000">
<div id="smartTemplate4-template">Dear Gervase,
<br>
<br>
what if logout is not clicked on? Should session timeout trigger
the same? How would the browser detect that? (I assume the site
cannot ping the browser when the session times out but I might be
wrong)<br>
<br>
cheers,<br>
Axel<br>
<br>
-- <br>
<style type="text/css">
.myName:hover, .myName a:hover { font-size:13pt; text-shadow: 3px 3px 4px rgba(200,250,200,0.7);}
.moz-signature {opacity: 1.0 !important;}
.myName a { cursor: pointer !important; transition:font-size 0.5s;}
.myLogo {
transition: all .4s ease-out;
}
.myLogo:hover {
transform: scale(3) translate(-30px,-5px);
}
</style>
<div id="mySignature" style="width: 65%; padding: 0.8em 1.2em;
font:x-small verdana; color: #444; box-shadow: 4px 4px 9px -2px
rgba(0,0,0,0.65); border-radius: 1em; padding: 0.4em 2em;
border: 1px dashed #444; background: rgb(230,240,163);
background: linear-gradient(to bottom, rgba(230,240,163,1)
0%,rgba(210,230,56,1) 50%,rgba(195,216,37,1)
51%,rgba(219,240,67,1) 100%);">
<b class="myName" style="text-shadow: 1px 1px 2px #DDD;
transition:font-size 0.5s;"><a
href="mailto:axel.grude@gmail.com">Axel Grude</a></b>
<br>
Software Developer
<br>
Thunderbird Add-ons Developer
<span style="color:#666666; font-size:xx-small">(QuickFolders,
quickFilters, QuickPasswords, Zombie Keys, SmartTemplate4)</span>
<br>
AMO Editor <img style="margin-top: 1em; float: right;
box-shadow: 1px 1px 2px rgba(20, 20, 20, 0.4);"
moz-do-not-send="false" class="myLogo"
src="cid:part2.05020906.01070309@gmail.com" alt="Get
Thunderbird!" height="15" width="94">
</div>
</div>
<div id="smartTemplate4-quoteHeader">
<style type="text/css" scoped="">
#newHeaderAG1 b { font-weight:bold; color: #990033; }
</style><br>
<blockquote type="cite" style="margin-bottom: -20px !important;
padding-bottom:20px !important;">
<div id="newHeaderAG1" style="font-size: x-small; padding:1em;
background-color:rgba(220,220,240,0.4); border-radius:3px;"> <b>Subject:</b>
Site-driven cache clearing<br>
<b>To:</b> Firefox Dev <br>
<b>From: </b>Gervase Markham<br>
<b>Sent: </b>Monday, 07/09/2015 16:01:31 16:01 GMT ST +0100
[Week 36]<br>
</div>
</blockquote>
</div>
<blockquote class=" cite" id="mid_55EDA6CB_1000208_mozilla_org"
cite="mid:55EDA6CB.1000208@mozilla.org" type="cite">
<pre wrap="">Tell me why this is a dumb idea...
Sites sometimes want to prevent a user caching files, because they don't
want confidential information sitting around in the cache. Currently,
sites can prevent browsers caching resources, using no-cache headers,
but at the cost of breaking the Back button, increasing server load and
decreasing performance.
What if sites could add a tag in an HTML header to resources, which was
associated with those resources in the cache, such that when the user
clicked Logout, the site could say "remove all cache entries for this
tag"? This would mean sites wouldn't have to use no-cache headers (with
all the downsides they have) but could rely on sensitive data being
cleared when the user logged out.
Could sites use this for evil? Sites have no incentive to make
themselves perform worse in browsers (by clearing the cache), and they
can already prevent caching of resources - just with unfortunate
side-effects.
Gerv
_______________________________________________
firefox-dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:firefox-dev@mozilla.org">firefox-dev@mozilla.org</a>
<a class="moz-txt-link-freetext" href="https://mail.mozilla.org/listinfo/firefox-dev">https://mail.mozilla.org/listinfo/firefox-dev</a>
</pre>
</blockquote>
<br>
<br>
</body>
</html>