tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Phillips <p...@partitura.com>
Subject no cache - the browser back button
Date Fri, 28 Jun 2002 17:10:00 GMT
Hello

I have written a simple servlet-jsp application that uses sessions and form 
based authentication using the container security.  It is running under 
Tomcat 4.03

I have implemented a logout page that has, as its last line:
mysession.invalidate().

This seems to close  this session just fine - I can go to the login page 
and login again.

However, I have noticed that if I am on the logout page, and press the back 
button, I get the previous page from the cache.  If I try to click on 
anything on that previous page, it bumps me out to the login page, 
indicating that the session I am trying to use has expired.

This is good.

However, I don't even want the back button to allow the user to go back to 
a previous page at all.

I have put this code at the top of the jsp page before the logout page:


response.setHeader("Cache-Control","no-store"); 
response.setHeader("Pragma","no-cache"); 
response.setDateHeader ("Expires", 0);  

This does not prevent the problem.  I have tried "no-cache" instead of 
"no-store". Still doesn't work.  I have tried moving the code to the 
servlet that drives this jsp (mvc).  Still no luck.

I have tried this with both Microsoft Explorer 5 and Netscape 6 on a Mac 
and I can't get either to work.

What am I doing wrong?  How can I accomplish this?

Thanks
Paul Phillips



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message