Preventing caching of server side include files - caching

I have a classic ASP page that calls in some other ASP files using Server Side Includes.
I want neither the main file nor the included files to be cached by any browser.
At the moment my main looks something like this:
<%# Language="VBSCRIPT" %><% Option Explicit %>
<%
Response.CacheControl = "no-cache"
Response.AddHeader "Pragma", "no-cache"
Response.Expires=-1
%>
<!--#include file="scripts1.asp"-->
<!--#include file="scripts2.asp"-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>myTitle</title>
<!--#include file="head.asp"-->
</head>
<body>
<!--#include file="body.asp"-->
</body>
</html>
I have only placed the Response.CacheControl, Response.AddHeader, Response.Expires code on the main page and not on the included files.
My questions are:
Do all server side included ASP pages need the Response.CacheControl, Response.AddHeader and Response.Expires code that I have used, or just the main file?
Is the code I have used sufficient to prevent caching on all browsers?

Only the "master" output page needs the headers, as you've shown. The server-side include happens internally on the server, so the browser never sees it.
You're doing it right.

Related

Hack altering pages pages at server

It looks like my site has been hacked. I have removed all files form the site (on IIS7) and replaced it with a simple asp file:
<%# Language=VBscript%>
<%
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
</head><body>
</body>
</HTML>
If the page is called with the HTTPreferer as 'googlebot' a load of spam links are inserted just before the body close tag. Otherwise the page works fine.
I have the site on shared hosing but have access to IIS7 manager for the site with limited control. I cannot see a URL rewrite function or anything that will allow the page to be altered before the data being sent. There are some functions of the IIS7 system I dont have access to as it is a shared server and I am trying to work with my hosting provider to resove the problem, but they also seem to be drawing a blank.
any ideas? its killing my google rankings!
PS is does affect another of my sites on the same hosing system but not all my sites nor a couple of others I tested.

understanding the hotlinking of images

i have one image which works fine if reloaded in browser or if you enter in browser and click enter it will load else it will show nothing i have checked locally as well and it is not working if kept in img tag but if that image is opened seperately inh browser and then page is opened it is showing..
this is the image url
http://iv1.lisimg.com/image/1440189/600full-chae--young-han.jpg
almost all img urls of listal.com is like that.
i have tried basic image loader
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body><img src="http://iv1.lisimg.com/image/2359052/600full-kim-rossi-stuart.jpg" />
</body>
is this geographically targeted??/ or something like this?
please suggest

How to prevent form fields from repopulating after clicking the back button?

I have a simple form which has four fields named firstName, lastName, address and phone number.
After a user fills this form and clicks the submit button, if everything goes fine, I am redirecting that user to a success page.
But on clicking the browser back button from the success page the form field values are repopulating on the form. How can I prevent this from happening?
I have already tried this code:
<cfheader name="cache-control" value="no-cache, no-store, must-revalidate">
<cfheader name="pragma" value="no-cache">
<cfheader name="expires" value="#getHttpTimeString(now()-1)#">
But it is not working.
Repopulating form fields is a good thing, stop trying to break it.
If what you actually want is to prevent duplicate submissions, send a unique id (e.g. UUID) along with the form and keep track of the ones you've received recently (how many to keep track of depends on your application).
If you receive a duplicate you can either ignore it (and display appropriate message), or go a step further: check whether the received data has already been submitted or whether it's an attempt to change the previous submission (i.e. fixing a typo), or to create a new record (maybe firstname and phone were changed), or prompt the user to choose, or whatever.
Repopulating the FORM fields is a good think i know but we can disable it by using
autocomplete="off"
This works when I run it. First, file testform.cfm
<cfsetting showdebugoutput="no">
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<CFHEADER NAME="Cache-Control" VALUE="no-cache, no-store, must-revalidate">
<!--- this is meant for legacy HTTP 1.0 servers
- only prevents caching when used with secure communications (https://) --->
<CFHEADER NAME="Pragma" VALUE="no-cache">
<!--- this doesn't prevent caching,
just means for future requests that browser must contact server for fresh copy.
cached copy used for BACK and FORWARD buttons--->
<CFHEADER NAME="Expires" VALUE="-1">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<form action="formtarget.cfm" method="post">
<input type="text" name="x" value="" />
<input name="submitbutton" type="submit" />
</form>
</body>
</html>
This is formtarget.cfm
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0
Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
</head>
<body>
<cfdump var="#form#">
</body>
</html>
We have those three cfheader tags in a custom tag.

IE9 compatibility mode

I have an issue with a website not working properly in IE10 (some pages using iframes). In IE10, I can click on the 'Compatibility view' button and everything works fine again.
To avoid users having to do this, I tried to insert the meta tag in the header of the master page (it's a .NET website), and also in the root web.config (in the system.webserver config block). I also tried IE=9, IE-8...
Nothing works. Is the browser not properly interpreting the tag? I know it sees it because when the tag is there, the 'Compatibility view' icon disappears. What am I missing?
Ie 9 – compatibility: <meta http-equiv="X-UA-Compatible" content="IE=9">
If you want ie 8: <meta http-equiv="X-UA-Compatible" content="IE=8">
if you want both: <meta http-equiv="X-UA-Compatible" content="IE=9; IE=8;">
Try
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1,requiresActiveX=true">
Reference: https://github.com/h5bp/html5-boilerplate/blob/v4.1.0/doc/extend.md#internet-explorer
Try adding
Response.Cache.SetCacheability(HttpCacheability.NoCache);
example:
<%# Page Language="C#" AutoEventWireup="true" CodeBehind="GeneralLedgerCodeListingCustomForm.aspx.cs" Inherits="xyz.GeneralLedgerCodeListingCustomForm" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%
Response.Cache.SetCacheability(HttpCacheability.NoCache);
%>

IE8 forcing document mode as IE7 standards

For my webapplication I am using IE8 as a standard browser.Sometimes the browser is setting Document mode as IE-7 Standards.
I have already tried Servlet Headers as IE=8,IE=edge and all other settings,also my DOCTYPE is also proper.
Does anyone knows why IE is forcing such behaviour ?
You can force IE to use compatibility mode with X-UA-Compatible Meta Tag:
IE 7:
<meta http-equiv="X-UA-Compatible" value="IE=7">
IE 8:
<meta http-equiv="X-UA-Compatible" value="IE=8">
IE 9:
<meta http-equiv="X-UA-Compatible" value="IE=9">
IE look also at the page DOCTYPE:
Standards View
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>This page is NOT Rendered in Compatibility View</title>
</head>
<body>
<h1>This page is NOT Compatibility View</h1>
</body>
</html>
Compatibility View
<html>
<head>
<title>This page is NOT Rendered in Compatibility View</title>
</head>
<body>
<h1>This page is NOT Compatibility View</h1>
</body>
</html>
Standards View
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>This page is NOT Rendered in Compatibility View</title>
</head>
<body>
<h1>This page is NOT Compatibility View</h1>
</body>
</html>
Compatibility View
<?xml version="1.0" encoding="UTF-8">
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>This page is NOT Rendered in Compatibility View</title>
</head>
<body>
<h1>This page is NOT Compatibility View</h1>
</body>
</html>
Note, that last example should load as standards view in XHTML mode. But Internet Explorer interprets that XML declaration as requiring compatibility view.
I resolved similar issue like this:
<meta http-equiv="X-UA-Compatible" content="IE=8,IE=9,IE=10,chrome=1" />
Take into account IE version should start from the lowest version.

Resources