bamarni
commented
10 years ago Are you sure about this one? I remember that when it comes to images, some browsers tend to cache them even though response headers don't tell to do so.
I'd prefer to keep the current implementation which avoids that.
In order to refresh the captcha, the example given create a sort of unique url using unused random parameter:
It will be cleaner to set correct HTTP response headers rather than using such a hack. Here is a small patch that should do the trick. Not sure it will work for every web browser. It is an assumed copy-paste from http://stackoverflow.com/questions/49547/making-sure-a-web-page-is-not-cached-across-all-browsers
It also moves the cache control from client-side to server-side.