Sarge,
I have content-expiration enabled in IIS 6 and have it set to
expire pages immediately so no, I have not set these values using
cfheader or meta tags. (I thought I had read it was a better
practice to set the HTTP headers at the webserver.) But, what I
decided to do after reading your post, was look at the actual
headers that were being returned. I used cfhttp method="head" and
dumped the results.
I was very surprised to find that requests to CFM files do NOT
contain the HTTP cache control headers!!! The requests to other
files (html, css, js, gif) did contain the proper cache control
headers. Check it out...
<cfhttp url="
http://localhost/test.cfm"
method="HEAD"> returned the following header:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: CFID=430878;expires=Sun, 14-Sep-2036 18:56:11
GMT;path=/
Set-Cookie: CFTOKEN=20145908;expires=Sun, 14-Sep-2036
18:56:11 GMT;path=/
Set-Cookie: JSESSIONID=50306022bec03546587e;path=/
Connection: close
Date: Fri, 22 Sep 2006 18:56:11 GMT
Server: Microsoft-IIS/6.0
<cfhttp url="
http://localhost/test.html"
method="HEAD"> returned the following header:
HTTP/1.1 200 OK
Date: Fri, 22 Sep 2006 18:56:11 GMT
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
Content-Length: 152
Cache-Control: no-cache
ETag: "cefbb1677dec61:4c1"
Last-Modified: Fri, 22 Sep 2006 18:44:09 GMT
Content-Location:
http://localhost/test.html
Content-Type: text/html
I can't believe it.
Why doesn't IIS include the HTTP cache control headers for cfm
files?
David -
1) Initially I tried appending the session token to the URL.
I'm pretty sure it solved our problem with the proxies. We
abandoned this solution because it created a new problem. Members
would email each other links to a page within the application. If
the email recipient clicked the link before the session expired on
the server, they would suddenly be logged in as the user who sent
the email.
2) I'm referring to session cookies. We have J2EE session
variables enabled. CFID,CFTOKEN cookies are still set in the header
(see first header above) but ColdFusion uses the JSESSIONID cookie
for session management. (Actually, I'm not sure why the
cfid,cftoken cookies are created when J2EE session cookies are
enabled. Client management maybe?)