Disable Browser Caching in WebCenter Portal Pages

Before WebCenter Portal applications go live it is recommended to perform a hacking audit. One of the typical issues is usually the caching of login pages. Login pages have sensitive information about the user and it is good practive to disable browser caching in those cases.

In order to achieve that, HTML meta tags can be added to the header of the JSPX page. The lines that disable caching are:

<meta http-equiv="Cache-Control" content="no-store”/>

<meta http-equiv="Pragma" content="no-cache" />

Those tags need to be inside a verbatim tag before the content facet. For instance:

  <f:view>
    <af:document title="#{portalResource['login_title']}" id="d1">
      <f:facet name="metaContainer">
        <f:verbatim>
          <meta http-equiv="Cache-Control" content="no-store"/>
          <meta http-equiv="Pragma" content="no-cache"/>
        </f:verbatim>
      </f:facet>
      <af:form id="formlogin">
        <af:pageTemplate value="#{bindings.pageTemplateBinding}" id="pt1SAD"
                         viewId="/oracle/webcenter/portalapp/pagetemplates/MiPageTemplate.jspx">
          <f:attribute name="showNavigation" value="#{false}"/>
          <f:attribute name="showLogin" value="#{false}"/>
          <f:facet name="content">

References

http://stackoverflow.com/questions/49547/making-sure-a-web-page-is-not-cached-across-all-browsers
https://www.mnot.net/cache_docs/