What is the effective method to prevent caching to login page ? My users can accessing another user's private page without login And sometime when i go to webmail, automatically i directed to another user inbox. Many users in my office complaining about his privacy because of this. I can prevent to caching some URL, but i think that is not effective method to solve the problem. I think preventing to caching cookies is the best solution. Any idea ?
You can either create a URL set which points to the logon screen's url and then create a rule that does not cache to that url. your specify the URL set you created in the "To" box and place this rule above you other cache rules.
Another way to do it is to untick the box that states:
"Content requiring user authentication for retrival" under the "Store in cache" section on the "Cache Store and Retrieval"
Like i said before that creating rule by URL set is not efficient, because there is too many websites using login page. Maybe "Content requiring user authentication for retrival" option is good, i'll try it.
"Content requiring user authentication for retrival" option didn't work. After a user accessing to his private page, another user can go to his private page without login. I think, that happen because ISA server caching to the cookies.
The change in setting will only work for any newly cached settings, you need to manually delete the websites that it has cached already. There is a tool that allows you to view the content on the cache and allow deletion of the cache data.
You may also want to uncheck the "dynamic content" box as well becase we had a similar problems to yours.
Hi shanyuen, When search on internet, i feel happy to pass by this web site and this item because i still have a problem with my ISA server 2004. YOur way: "I think preventing to caching cookies is the best solution. Any idea ?" Can you help me to prevent to caching cookies? Thanks shanyuen, *** Hung Nguyen ***
I had clearing all ISA cache and browser cache, but when someone login to website, another users still can access that website using the previous user id. Maybe i'll give up with this problem. Then how to prevent caching by URL set only for page not images, because i still want to caching it's images ?
u need to uncheck "cache dynamic content" in the cache rule setup.. the "content requiring user authenication" only with the stuff protected with directory security..and a dialoge box pops up in your browser asking for username password and domain..