How do I keep Mobile Safari from caching a personalized homepage?

Question

I have a web application that uses the same Twitter authentication code as the Sinatra app imonaplane .

The homepage is either showing "Sign in with Twitter" or personalized content. After signing in, you're redirected (via HTTP 302) to the homepage:

get '/session_auth' do
  if params[:oauth_verifier]
    access_token = twitter_client.authorize(
      session[:request_token], session[:request_token_secret], oauth_verifier: params[:oauth_verifier])
    if twitter_client.authorized?
      user = db.load(User.to_id(twitter_client.info['screen_name'])) || User.new(login: twitter_client.info['screen_name'], twitter_access_token: access_token.token,
        twitter_secret_token: access_token.secret)
      db.save! user
      session[:user_id] = user.id
    end
  end
  redirect '/'
end

This works fine in Firefox 14.0.1 and Safari 5.1.7 and the iOS simulator.

However, it seems as if Mobile Safari on iOS 5.1.1 is caching the generalized homepage. This gives the impression that you're not logged in because it's still showing "Sign in with Twitter." Reload will show the personalized content.

This is running on Heroku, Cedar stack. No HTTP cache headers are used.

What's the problem here? Should I tell the browser explicitly to not cache the homepage, possibly with a Cache-Control: private header?

Answer 1

Different browsers acknowledge different values in the Cache-Control Header.

As far as I know (though I can't cite any great source right now) to make sure no caching is performed in any browser the Cache-Control Header can be set to "max-age=0, private, no-store, no-cache, must-revalidate" .