Avoid unnecessary cache revalidation.
Any cache that understands cache-control is not going to need to the
expires header. Keep it in the securePagesWithPragma branch since that
is for old HTTP/1.0 proxies that may not understand cache-control.
diff --git a/java/org/apache/catalina/authenticator/AuthenticatorBase.java b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
index faf98cb..d751582 100644
--- a/java/org/apache/catalina/authenticator/AuthenticatorBase.java
+++ b/java/org/apache/catalina/authenticator/AuthenticatorBase.java
@@ -552,10 +552,10 @@
// Note: These can cause problems with downloading files with IE
response.setHeader("Pragma", "No-cache");
response.setHeader("Cache-Control", "no-cache");
+ response.setHeader("Expires", DATE_ONE);
} else {
response.setHeader("Cache-Control", "private");
}
- response.setHeader("Expires", DATE_ONE);
}
if (constraints != null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e323f45..8209037 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -123,6 +123,11 @@
<bug>65443</bug>: Refactor the <code>CorsFilter</code> to make it easier
to extend. (markt)
</add>
+ <fix>
+ To avoid unnecessary cache revalidation, do not add an HTTP
+ <code>Expires</code> header when setting adding an HTTP header of
+ <code>CacheControl: private</code>. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
