What must I do to make content such as images served over HTTPS be cached client-side?

Question

I am using Tomcat as a server and Internet Explorer 6 as a browser. A web page in our app has about 75 images. We are using SSL. It seems to be very slow at loading all the cont

Answer 1

If you are serving a page over https then you'll need to serve all the included static or dynamic resources over https (either from the same domain, or another domain, also over https) to avoid a security warning in the browser.

Content delivered over a secure channel will not be written to disk by default by most browsers and so lives in the browsers memory cache, which is much smaller than the on disk cache. This cache also disappears when the application quits.

Having said all of that there are things you can do to improve the cachability for SSL assets inside a single browser setting. For starters, ensure that all you assets have reasonable Expires and Cache-Control headers. If tomcat is sitting behind apache then use mod_expires to add them. This will avoid the browser having to check if the image has changed between pages

   FileEtag none
   ExpiresActive on
   ExpiresDefault "access plus 1 month"

Secondly, and this is specific to MSIE and Apache, most apache ssl configs include these lines

SetEnvIf User-Agent ".*MSIE.*" \
     nokeepalive ssl-unclean-shutdown \
     downgrade-1.0 force-response-1.0

Which disables keepalive for ALL MSIE agents. IMHO this is far too conservative, the last MSIE browsers to have issues using SSL were 5.x and unpatched versions of 6.0 pre SP2, both of which are very uncommon now. The following is more lenient and will not disable keepalives when using MSIE and SSL

BrowserMatch "MSIE [1-4]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown