Linux Access Gateway formfill not sending appropriate no-cache headers

  • 3234710
  • 04-Jul-2007
  • 26-Apr-2012


Novell Access Management 3 Linux Access Gateway


Access Manager setup with Novell Identity server and Admini COnsole on same machine
and Linux Access Gateway on a seperate host.

Users needed access to an email application where credentials were injected using formfill
formfill. It was discovered that if one user (user2) logs in after another user (user1) and
accesses the same application, then user2 becomes user1 in that email application!

Looking at LAN traces showing the issue. We have two users logging in (user1 and
user2). user1's emailID is sso2 (received via LDAP from IDP server over
backchannel). user2's emailID is novelltest1, also received successfully over
backchannel. When user2 logs in after user1, one can see that it POSTs sso2 to
the application login page! Looking carefully at the sequence of events prior to the
browser POSTing the data, we can see that the Access Gateway did NOT send the data to
be POSTed back to the browser ... the browser was sending the info from the local
cache instead.

The issue is a caching one ... the application login page, when the browser user2 is using
makes the request for it, gets a 304 response and so the
tag never goes resent
back to the browser.
by the browser ...


Modify the application login page so that there are the appropriate cache-control headers to prevent caching on. The Access Gateway formfill has been designed to include "Cache-control: no-cache" header through the meta-tag in the HTML page being filled for SP1 to prevent the issue from happening with poorly written login pages too.