Index: includes/bootstrap.inc
===================================================================
RCS file: /cvs/drupal/drupal/includes/bootstrap.inc,v
retrieving revision 1.412
diff -u -r1.412 bootstrap.inc
--- includes/bootstrap.inc	21 Jul 2010 00:26:21 -0000	1.412
+++ includes/bootstrap.inc	23 Jul 2010 13:19:34 -0000
@@ -1057,9 +1057,15 @@
 /**
  * Set HTTP headers in preparation for a page response.
  *
- * Authenticated users are always given a 'no-cache' header, and will fetch a
- * fresh page on every request. This prevents authenticated users from seeing
- * locally cached pages.
+ * Cache-control for authenticated users is set to 'private' to indicate that
+ * the response is intended for that single user only and is not a valid
+ * response for requests by other users. The 'must-revalidate' directive
+ * ensures the cache won't be used when stale (By default the Expire header
+ * is set to past date to prevent authenticated users from seeing locally
+ * cached pages).
+ * The 'post-check' and 'pre-check' directives are part of an Cache-Control
+ * Extension used by IE. The 'pre-check' directive is set to 10 seconds to
+ * prevent form-data getting lost when using the browser's back button.
  *
  * Also give each page a unique ETag. This will force clients to include both
  * an If-Modified-Since header and an If-None-Match header when doing
@@ -1091,7 +1097,7 @@
   $default_headers = array(
     'Expires' => 'Sun, 19 Nov 1978 05:00:00 GMT',
     'Last-Modified' => gmdate(DATE_RFC1123, REQUEST_TIME),
-    'Cache-Control' => 'no-cache, must-revalidate, post-check=0, pre-check=0',
+    'Cache-Control' => 'private, must-revalidate, post-check=0, pre-check=10',
     'ETag' => '"' . REQUEST_TIME . '"',
   );
   drupal_send_headers($default_headers);