*** upload.module	
--- upload.module-fixed-msie-ssl	
***************
*** 266,274 ****
--- 266,283 ----
        $node = node_load($file->nid);
        if (node_access('view', $node)) {
          $type = mime_header_encode($file->filemime);
+ // According to http://support.microsoft.com/kb/815313, MSIE needs to prevent caching for SSL download.
+ // Can use in return array 'Cache-Control' per http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.4
+ // Either Cache-control: no-store in headers, or use a max-age with must-revalidate?
+ // Cache-Control with no-store or max-age=60 and or must-revalidate directives appear to solve, however  
+ // if a return includes the no-cache directive, it SHOULD NOT include max-age. 
+ // Recommended return by Microsoft for SSL: 'Cache-Control: no-store',
+ // Recommended by some drupal users: 'Cache-Control: max-age=60, must-revalidate',
+ // Because this function is used also by non-ssl connections, some storing by cache may be better?
          return array(
            'Content-Type: '. $type,
            'Content-Length: '. $file->filesize,
+           'Cache-Control: max-age=60, must-revalidate',
          );
        }
        else {
