We are having a problem with Internet Explorer where it cannot process the Cache-control header set for download without saving for SSL. See http://support.microsoft.com/kb/323308 for details.
Unfortunately, when Tomcat authentication is enabled, it automatically adds a Cache-control header with a no-store value.
I know there is a workaround when using BasicAuthenticator in Tomcat. See http://daveharris.wordpress.com/2007/07/09/how-to-configure-cache-control-in-tomcat/ . This solution describes the use of the disableProxyCaching attribute for the authenticator.
However, we use SSO authentication using org.apache.catalina.ha.authenticator.ClusterSingleSignOn, which does not have the disableProxyCaching attribute. Is there a way to change cache control headers when using SSO?
You can use a filter that will work on the cache control header that tomcat imposes.
response.setHeader ("cache-control",); chain.doFilter (request, response);