SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Aug 2008
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation Log Out Functionality for my web application

    I have used simple JSP and java files to build my application. All the jsp files have included a 'header.jsp' file, in which there is a Log Out image button. After clicking this button, the page 'logOut.jsp' emerges. In this page, I am invalidating the session. But when I click either back button of IE, or 'backspace' key, I can still access all the pages.

    I have used

    <META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
    <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    <META HTTP-EQUIV="Expires" CONTENT="0">

    and

    <%response.setHeader("Cache-Control","no-cache");%>
    <%response.setHeader("expires","0");%>
    <%response.setHeader("Pragma","no-cache");%>

    in all the pages to clear all the cache.

    Please help me expire the pages once logged out.

    Thanks in Advance......!
    Nishant

  2. #2
    SitePoint Wizard
    Join Date
    Apr 2007
    Posts
    1,399
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    response.setHeader("Cache-control", "no-store");

    Actually, you are NOT validating the session. This is dealing w/ your HTTP header cache control. With above setting you are set to "no-cache" but it's still "stored". Yes, it's a bit confusing but let me explain in simple terms

    no-cache means
    when a user clicks a link from current page, then the new page will be rendered by the server

    no-store means
    when a user press the back button, then the page will be rendered by the server

    Hope this confusion clears up.

  3. #3
    SiteP0int Weazle hooknc's Avatar
    Join Date
    Dec 2004
    Location
    Socialist Republic of Boulder
    Posts
    937
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would recommend setting all the Cache-Control values, not just no-cache.

    Code:
    Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
    I would also set Pragma to no-cache too.

    You want to make sure that not only does the browser not cache the data, but we want to tell everyone down the line (proxy servers, other servers, etc...) not to cache the page either.

    Best of Luck.
    baby steps... baby steps...

  4. #4
    SiteP0int Weazle hooknc's Avatar
    Join Date
    Dec 2004
    Location
    Socialist Republic of Boulder
    Posts
    937
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Most likely the best way to set the response headers cache-control is with a Filter...

    Here are some examples of how other people used Filters for cache-control.

    I would recommend having different mappings for different file types.

    For example, I would have a cache-control filter for your JSPs where it never allows cache. But, I would then have a different cache-control filter for your css and images where it only allows the browser to cache those files for 4 hours or something like that.

    (You'll want to set a cache time out value on your css files. Trust me on this one. )

    Best of Luck.
    baby steps... baby steps...

  5. #5
    SitePoint Zealot Mr. Ram's Avatar
    Join Date
    Nov 2005
    Posts
    139
    Mentioned
    0 Post(s)
    Tagged
    1 Thread(s)
    We can also use session.invalidate(); to kill the session.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •