From: shekher awasthi
To: Struts Users Mailing List
Date: Mon, 26 Jan 2009 18:26:05 +0530
Subject: Re: Handling Browser Back/Forward Button in Struts2

Thanks Pawel for such a detailed description.
i did all the things as mentioned by you but still it's not working for me.
regarding SSL it's working for me but still the caching problem is there.
i will again dig deep in to it and if you can provide me a small app that
will be wonderful, i can use that to compare my functionality so that i can
find out where i am doing wrong or what's going wrong in my application.

On 1/26/09, Paweł Wielgus wrote:
>
> Hi Shekher,
> what i did is:
> 1. I added on every page:
>
> - in section at the beginning of page and after just
> before i added:
>
> - so it is doubled!
>
> 2. I added to every response:
>
> response.setHeader("Pragma", "no-cache");
> response.setHeader("Cache-Control", "no-cache");
> response.setHeader("Expires", "-1");
>
> And that's working for me under ssl. As for ssl it has nothing to do
> with struts2, it's controlled by tomcat or any other server You are
> using, i know there is ssl-plugin for s2 but i honestly don't know
> what for, maybe it is targeted for checking if request is under ssl
> and if not redirecting to ssl connection, but it's not turning ssl on
> for sure.
>
> If that won't help i can make a little app and pack it up for You, but
> it can take some time.
>
> Best greetings,
> Paweł Wielgus.
>
> 2009/1/25 shekher awasthi :
> > Hi Paweł,
> >
> > i tried all the way in secure way
> >
> > i implemented SSL and now my tomcat is running on port 8443 using https
> > protocol
> > i have created a custom interceptor for setting the header values
> >
> > when user click log off button this custom interceptor is working setting
> > the header values below is the code i am using
> >
> > ActionContext context=invocation.getInvocationContext();
> > HttpServletResponse response=(HttpServletResponse)context.get(StrutsStatics.HTTP_RESPONSE);
> > if(response!=null){
> >     System.out.println("**********setting header**************");
> >     response.setHeader("Cache-Control", "must-revalidate");
> >     response.setHeader("Cache-Control", "max-age=0");
> >     response.setHeader("Pragma", "no-cache");//HTTP 1.1
> >     response.setDateHeader ("Expires", 0); //prevents caching at the proxy
> >     response.setHeader("Cache-Control","no-store"); //HTTP 1.1
> > }
> >
> > and on my logout message i have something like this
> >
> > but still results are same
> > i can go back to secure page using browser back button
> > any idea why this is going on??
> >
> > or do i need to set anything apart from this?
> >
> > -shekher
> >
> > On Fri, Jan 23, 2009 at 9:06 PM, shekher awasthi
> > wrote:
> >
> >> Can you guide me the way how to use SSL in struts2 i am looking in to this
> >>
> >> IDE i am using is MyEclipse
> >>
> >> and i am testing it using tomcat
> >>
> >> On Fri, Jan 23, 2009 at 7:33 PM, Paweł Wielgus wrote:
> >>
> >>> Hi Shekher,
> >>> all my testing was under SSL connection. So without pragma and cache
> >>> control it's not working - sadly.
> >>>
> >>> Best greetings,
> >>> Paweł Wielgus.
> >>>
> >>> 2009/1/22 shekher awasthi :
> >>> > Hi Paweł,
> >>> >
> >>> > another way we can do this by using SSL
> >>> > as we are dealing in secure zone so using SSL for this might be a good case.
> >>> >
> >>> > the application i have seen so far who have dealt with this back/forward
> >>> > button always using HTTPS protocol.
> >>> >
> >>> > i am also diving in to this case study and will share the results
> >>> >
> >>> >
> >>> > On 1/22/09, shekher awasthi wrote:
> >>> >>
> >>> >> one of the banking application site which i tested today
> >>> >>
> >>> >> when user get logged off from and try to hit the back button he will be
> >>> >> shown a different page
> >>> >> instead the one in the cache
> >>> >> so i am also looking in to this aspect.
> >>> >>
> >>> >>
> >>> >> On 1/22/09, shekher awasthi wrote:
> >>> >>>
> >>> >>> using javascript is not a sure shot solution
> >>> >>> as i tested it thoroughly and javascript behaviour is not consistent
> >>> >>> throughout
> >>> >>>
> >>> >>> regarding setting header i did this i developed a custom interceptor which
> >>> >>> is doing this
> >>> >>>
> >>> >>> but again its not worked as expected.
> >>> >>> i am still clueless how online banking application doing this trick
> >>> >>>
> >>> >>> i am still on R&D mode for this if find anything will share it
> >>> >>>
> >>> >>>
> >>> >>> On 1/22/09, Paweł Wielgus wrote:
> >>> >>>>
> >>> >>>> Hi Ehtesham,
> >>> >>>> it was said before on this thread that user can simply turn off
> >>> >>>> javascript whenever he wants,
> >>> >>>> that's why i was looking for more server controlled solution. But thank
> >>> >>>> You for pointing it out, You made me to add it to my blog post.
> >>> >>>>
> >>> >>>> Best greetings,
> >>> >>>> Paweł Wielgus.
> >>> >>>>
> >>> >>>> 2009/1/22 Ehteshamul Haque :
> >>> >>>> >
> >>> >>>> > Hi,
> >>> >>>> >
> >>> >>>> > I am not that much expert I used the following javascript code before
> >>> >>>> > in each page and it worked fine.
> >>> >>>> >
> >>> >>>> > If it work for you I will be very happy.
> >>> >>>> >
> >>> >>>> > Thank you.
> >>> >>>> >
> >>> >>>> > -Ehtesham
> >>> >>>> >
> >>> >>>> >
> >>> >>>> > --- On Thu, 1/22/09, Paweł Wielgus wrote:
> >>> >>>> >
> >>> >>>> > From: Paweł Wielgus
> >>> >>>> > Subject: Re: Handling Browser Back/Forward Button in Struts2
> >>> >>>> > To: "Struts Users Mailing List"
> >>> >>>> > Date: Thursday, January 22, 2009, 12:34 AM
> >>> >>>> >
> >>> >>>> > Hi Shekher,
> >>> >>>> > it was very interesting subject, so i dig a little more.
> >>> >>>> > Here [1] is what i found, with some tests.
> >>> >>>> > Basically it turns out that You should add headers in page and to
> >>> >>>> > response.
> >>> >>>> >
> >>> >>>> > [1] - http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
> >>> >>>> >
> >>> >>>> > Best greetings,
> >>> >>>> > Paweł Wielgus.
> >>> >>>> >
> >>> >>>> > 2009/1/21 shekher awasthi :
> >>> >>>> >> Is it possible that either i should only put these header in the
> >>> >>>> >> logout action
> >>> >>>> >>
> >>> >>>> >> where i am removing the session and then redirecting the user to index page
> >>> >>>> >> something like this
> >>> >>>> >>
> >>> >>>> >> HttpServletResponse response=null;
> >>> >>>> >> response=ServletActionContext.getResponse();
> >>> >>>> >>
> >>> >>>> >> response.setHeader("Pragma", "no-cache");
> >>> >>>> >> response.setHeader("Cache-Control", "no-cache");
> >>> >>>> >> response.setHeader("Expires", "0");
> >>> >>>> >>
> >>> >>>> >> or can we create a interceptor which can do this for all the request where
> >>> >>>> >> we want this feature??
> >>> >>>> >>
> >>> >>>> >> 2009/1/21 shekher awasthi
> >>> >>>> >>
> >>> >>>> >>> i tried using setting the header values but they are not working as expected
> >>> >>>> >>> i can even
> >>> >>>> >>>
> >>> >>>> >>> go and move back using browser back button.
> >>> >>>> >>>
> >>> >>>> >>> if i will find anything helpful will share with you
> >>> >>>> >>> till then hard luck
> >>> >>>> >>> :)
> >>> >>>> >>>
> >>> >>>> >>> 2009/1/21 Paweł Wielgus
> >>> >>>> >>>
> >>> >>>> >>> Hi Shekher,
> >>> >>>> >>>> what i meant is that it can be done from server side.
> >>> >>>> >>>> Check for example Your e-banking application, i did it on mine :-).
> >>> >>>> >>>> There, when You press back button browser won't serve You cached page
> >>> >>>> >>>> but ask server for fresh one - this is controlled with content-cache
> >>> >>>> >>>> and pragma, but i can't be more helpful to You here because i haven't
> >>> >>>> >>>> done it before.
> >>> >>>> >>>>
> >>> >>>> >>>> Best greetings,
> >>> >>>> >>>> Paweł Wielgus.
> >>> >>>> >>>>
> >>> >>>> >>>>
> >>> >>>> >>>> 2009/1/21 shekher awasthi :
> >>> >>>> >>>> > Hi Paweł,
> >>> >>>> >>>> >
> >>> >>>> >>>> > that's true it only send request to server if i will refresh the page and
> >>> >>>> >>>> > for that i have already custom interceptor placed which is checking the user
> >>> >>>> >>>> > object in session in order to confirm that the request is from authorized
> >>> >>>> >>>> > user
> >>> >>>> >>>> >
> >>> >>>> >>>> > but when i make use of back button it serve the page from the local
> >>> >>>> >>>> > cache, so the problem is related to client side more than that of server
> >>> >>>> >>>> > handling
> >>> >>>> >>>> >
> >>> >>>> >>>> > still trying to find a firm solution for it
> >>> >>>> >>>> >
> >>> >>>> >>>> > 2009/1/20 Paweł Wielgus
> >>> >>>> >>>> >
> >>> >>>> >>>> >> Hi Shekher,
> >>> >>>> >>>> >> first try this scenario:
> >>> >>>> >>>> >> 1. logout user
> >>> >>>> >>>> >> 2. back button - check for logs if action was fired
> >>> >>>> >>>> >> 3. refresh page - check for logs if action was fired
> >>> >>>> >>>> >> Most likely only the 3. will fire action because browser will serve
> >>> >>>> >>>> >> cached version of that page.
> >>> >>>> >>>> >> I was about to write that to deal with it You can use https scheme,
> >>> >>>> >>>> >> but i just got it checked and it's not true. So maybe using pragma and
> >>> >>>> >>>> >> or cache-control will do?
> >>> >>>> >>>> >>
> >>> >>>> >>>> >> Still user can disable javascript so solution with script might not work.
> >>> >>>> >>>> >> If You find out anything more please let us know.
> >>> >>>> >>>> >>
> >>> >>>> >>>> >> Best greetings,
> >>> >>>> >>>> >> Paweł Wielgus.
> >>> >>>> >>>> >>
> >>> >>>> >>>> >>
> >>> >>>> >>>> >> 2009/1/20 Robert Graf-Waczenski :
> >>> >>>> >>>> >> > You don't write if the browser back button is supposed to be functional in
> >>> >>>> >>>> >> > your application (in many cases it is not, but YMMV).
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > If you want to disable the browser back button, use the code below in all
> >>> >>>> >>>> >> > your pages:
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > I'm not aware of any feature in Struts2 that deals with the browser back
> >>> >>>> >>>> >> > button.
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > Robert
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > shekher awasthi wrote:
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> Hi All,
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> in the process of developing application using struts 2.0.11, i came
> >>> >>>> >>>> >> >> across
> >>> >>>> >>>> >> >> the problem of handling browser back/forward button.
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> This problem is occurring when we will logout the user. On Clicking the
> >>> >>>> >>>> >> >> logout button we are currently removing the user from the session
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> and it worked fine for us. After the successful logout process user will
> >>> >>>> >>>> >> >> be
> >>> >>>> >>>> >> >> redirected to the index page(which have the login field),
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> but when user hits the browser back button he is getting himself there in
> >>> >>>> >>>> >> >> the secure page even we have remove the user object from the session
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> below is the code we are using for removing the user
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> session.remove(BSConstant.USER);
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> i am clueless where we are doing wrong , as we think we are having two
> >>> >>>> >>>> >> >> points
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> 1) Either the user is not getting removed from the session, but the chances
> >>> >>>> >>>> >> >> are very less as for all other call after logout it is forcing the user to
> >>> >>>> >>>> >> >> login first.
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> 2) Back button handling is not there
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> my question is, Is there any way in struts2 to handle browser back/forward
> >>> >>>> >>>> >> >> button or do i need to use some other technique like
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> setting response header
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> any suggestion in this regard will be much appreciated.
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> -s
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > ---------------------------------------------------------------------
> >>> >>>> >>>> >> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> >>> >>>> >>>> >> > For additional commands, e-mail: user-help@struts.apache.org
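
Added example (not part of any message in this thread, and not code from the Struts project): a Struts 2 interceptor that puts the cache headers discussed above on every secured response, not only on the logout response, and refuses requests that have no logged-in user. The class name, the "user" session key and the "login" result name are assumptions.

```java
import java.util.Map;

import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Illustrative interceptor for the secured actions of an application.
 * It must run for every protected page: a page that was delivered
 * without these headers can still be shown from the browser cache later.
 */
public class NoCacheAuthInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    // Hypothetical session key; use the key the login action stores the user under.
    private static final String USER_KEY = "user";

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletResponse response = ServletActionContext.getResponse();
        if (response != null) {
            // setHeader() replaces any earlier value of the same header, so all
            // Cache-Control directives go into one call. Separate calls with
            // the same name would leave only the last directive in place.
            response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            response.setHeader("Pragma", "no-cache"); // for HTTP/1.0 caches
            response.setDateHeader("Expires", 0);     // a date in the past
        }

        // The headers are set before the action and its result run, so they
        // are in place before the response is committed.
        Map<?, ?> session = invocation.getInvocationContext().getSession();
        if (session == null || session.get(USER_KEY) == null) {
            // After logout the session no longer holds the user, so a
            // re-requested page ends here. Assumes a "login" result is mapped.
            return Action.LOGIN;
        }
        return invocation.invoke();
    }
}
```

The interceptor only takes effect for actions whose interceptor stack includes it, so it has to be declared in struts.xml for the secured actions.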