As a little homage to our most popular and seemingly helpful blog post about the Nasty XML load bug in Internet Explorer I created an app that tests the caching behavior of the browser it’s running in.

To recap - Loading XML files in Flash over an SSL Connection in Internet Explorer fails if the “Pragma: no-cache” or “Cache-Control: no-cache” HTTP headers are set in the server’s response.
In AS2 the loading failed silently, in AS3 we at least get an IO Error #2032, which has been discussed several times (see below)

If you want to keep the browser from caching your dynamic content you’ll have to use other means.
Judging from my tests, the best headers to prevent caching without causing errors in IE are: “Cache-Control: no-store” and/or “Expires: Thu, 01 Jan 1970 01:00:00 GMT”.

You can access the test suite here:

• Loading over an SSL connection
• Loading over a normal connection

Set the headers that you’d like the server-script to return and find out what happens when the same request is sent twice after each other.
Use the Live HTTP Headers Plugin for Firefox if you’d like to see what the server actually returns.

Other interesting insights

• The problem still exists in Internet Explorer 7! Don’t know about Vista…
• Here it’s suggested that “Cache-Control: must-revalidate” and “Cache-Control: max-age=0″ also work. While that’s true in the sense that they don’t cause an error IE, they don’t seem to prevent caching 100% - there is a timeout.
• “Pragma: no-cache” causes the error in IE, but doesn’t actually prevent it from caching at all when it’s set on a non-ssh connection.
• Firefox internally sets the expiry date of script files to the past - so unless you set the “Expires” header to the future it’ll never cache the content.
• Safari and Firefox change their caching behavior when the “Last Modified” header is set. If it’s in the past they seem to be happy to cache the file for you.

PHP sessions

Note that in PHP, as soon as you use sessions with session_start() the no-cache headers are added automatically. You’ll have to replace those headers or turn the default behavior off in php.ini. To replace the headers (found in the comments of the original post, see also the session-cache-limiter function and comments):

session_cache_limiter(’public’);
session_start();
header (”Cache-Control: cache, must-revalidate”);
// or if you still want to prevent caching
header (”Cache-Control: no-store”);
header (”Pragma: public”);

Related links:

• Adobe TechNote
• Related Microsoft bug
• More on Error #2032
• Microsoft article - How to prevent caching in Internet Explorer. Especially “The Pragma: No-Cache Header” section
• Even more trouble with gzip compression
• And the Microsoft bug report for that

CwS had a long summer’s sleep, and between servers going down and a general lack of content and lots of things to do, it wasn’t particularly helpful that I picked a subject that is described only half-heartedly or way too technical to simply take on board whereever I’d do my research.

Anyway, it’s there now, and it’s about the Platform for Privacy Preferences, a way to persuade IE with higher privacy settings to accept cookies. Go to Content with Style and read all about it! Oh, and feel free to leave your comments there…