As a little homage to our most popular and seemingly helpful blog post about the Nasty XML load bug in Internet Explorer I created an app that tests the caching behavior of the browser it’s running in.
To recap - Loading XML files in Flash over an SSL Connection in Internet Explorer fails if the “Pragma: no-cache” or “Cache-Control: no-cache” HTTP headers are set in the server’s response.
In AS2 the loading failed silently, in AS3 we at least get an IO Error #2032, which has been discussed several times (see below)
If you want to keep the browser from caching your dynamic content you’ll have to use other means.
Judging from my tests, the best headers to prevent caching without causing errors in IE are: “Cache-Control: no-store” and/or “Expires: Thu, 01 Jan 1970 01:00:00 GMT”.
You can access the test suite here:
Set the headers that you’d like the server-script to return and find out what happens when the same request is sent twice after each other.
Use the Live HTTP Headers Plugin for Firefox if you’d like to see what the server actually returns.
Other interesting insights
- The problem still exists in Internet Explorer 7! Don’t know about Vista…
- Here it’s suggested that “Cache-Control: must-revalidate” and “Cache-Control: max-age=0″ also work. While that’s true in the sense that they don’t cause an error IE, they don’t seem to prevent caching 100% - there is a timeout.
- “Pragma: no-cache” causes the error in IE, but doesn’t actually prevent it from caching at all when it’s set on a non-ssh connection.
- Firefox internally sets the expiry date of script files to the past - so unless you set the “Expires” header to the future it’ll never cache the content.
- Safari and Firefox change their caching behavior when the “Last Modified” header is set. If it’s in the past they seem to be happy to cache the file for you.
Note that in PHP, as soon as you use sessions with session_start() the no-cache headers are added automatically. You’ll have to replace those headers or turn the default behavior off in php.ini. To replace the headers (found in the comments of the original post, see also the session-cache-limiter function and comments):
header (”Cache-Control: cache, must-revalidate”);
// or if you still want to prevent caching
header (”Cache-Control: no-store”);
header (”Pragma: public”);