Linux Access Gateway formfill not sending appropriate no-cache headers

  • 3234710
  • 04-Jul-2007
  • 26-Apr-2012

Environment


Novell Access Management 3 Linux Access Gateway

Situation

Access Manager setup with the Novell Identity Server and Administration Console on the same machine
and the Linux Access Gateway on a separate host.

Users needed access to an email application where credentials were injected using
formfill. It was discovered that if one user (user2) logs in after another user (user1) and
accesses the same application, then user2 becomes user1 in that email application!

Looking at LAN traces showing the issue, we have two users logging in (user1 and
user2). user1's emailID is sso2 (received via LDAP from IDP server over
backchannel). user2's emailID is novelltest1, also received successfully over
backchannel. When user2 logs in after user1, one can see that it POSTs sso2 to
the application login page! Looking carefully at the sequence of events prior to the
browser POSTing the data, we can see that the Access Gateway did NOT send the data to
be POSTed back to the browser ... the browser was sending the info from the local
cache instead.

The issue is a caching one ... when the browser user2 is using makes the request for
the application login page, it gets a 304 response and so the
tag never gets resent
back to the browser.
by the browser ...

Resolution

Modify the application login page so that there are the appropriate cache-control headers to prevent caching on. For SP1, the Access Gateway formfill has been designed to include a "Cache-control: no-cache" header through the meta-tag in the HTML page being filled, to prevent the issue from happening with poorly written login pages too.
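
The following check is an added example, not code from Novell or from the original article. It audits a captured request/response sequence for the form-filled login page and flags the two conditions described above: a 304 answer (the browser reuses its cached copy) and a 200 answer that carries no no-cache directive in either the HTTP header or a meta tag. The path /mail/login, the sample exchanges, and the choice to accept both no-cache and no-store are assumptions made for illustration.

```python
import re

NO_REUSE = {"no-cache", "no-store"}  # assumption: directives accepted as "appropriate"
META_RE = re.compile(r"<meta\b[^>]*>", re.I)

def directives(value):
    """Split a Cache-Control value into lower-cased directive names."""
    return {d.split("=")[0].strip().lower() for d in value.split(",") if d.strip()}

def meta_directives(body):
    """Collect directives from <meta http-equiv="Cache-Control" content="..."> tags."""
    found = set()
    for tag in META_RE.findall(body):
        if re.search(r"http-equiv\s*=\s*[\"']?cache-control", tag, re.I):
            m = re.search(r"content\s*=\s*[\"']([^\"']*)", tag, re.I)
            if m:
                found |= directives(m.group(1))
    return found

def audit(trace, login_path):
    """Return (index, finding) for each risky response to the form-filled page."""
    findings = []
    for i, ex in enumerate(trace):
        if ex["path"] != login_path:
            continue  # only the page that receives injected credentials matters
        if ex["status"] == 304:
            findings.append((i, "REUSED_304"))  # browser keeps its cached copy
        elif ex["status"] == 200:
            hdrs = {k.lower(): v for k, v in ex["headers"].items()}
            seen = directives(hdrs.get("cache-control", "")) | meta_directives(ex["body"])
            if not seen & NO_REUSE:
                findings.append((i, "CACHEABLE_200"))
    return findings

# Constructed exchanges (hypothetical path and bodies), in capture order.
SAMPLE_TRACE = [
    {"path": "/mail/login", "status": 200,
     "headers": {"Last-Modified": "Mon, 02 Jul 2007 10:00:00 GMT"}, "body": "<form>...</form>"},
    {"path": "/mail/login", "status": 304, "headers": {}, "body": ""},
    {"path": "/mail/logo.png", "status": 304, "headers": {}, "body": ""},
    {"path": "/mail/login", "status": 200,
     "headers": {"Cache-Control": "no-cache, no-store"}, "body": "<form>...</form>"},
    {"path": "/mail/login", "status": 200, "headers": {},
     "body": '<meta http-equiv="Cache-Control" content="no-cache"><form>...</form>'},
]

if __name__ == "__main__":
    for idx, finding in audit(SAMPLE_TRACE, "/mail/login"):
        print(idx, finding)
```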