You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Priya Saloni <sa...@gmail.com> on 2005/12/16 15:48:54 UTC
Back Button Problem..
Hi there,
I facing a BIG problem in my struts based application.When i logout my
website and hit back button it showing a page like the following
//
Warning: Page has Expired
The page you requested was created using information you submitted in a
form. This page is no longer available. As a security precaution, Internet
Explorer does not automatically resubmit your information for you.
To resubmit your information and view this Web page, click the *Refresh*button.
//
When i refresh the page its showing the secured web pages too.My code in
LogoutAction is as follows
request.getSession().removeAttribute("sessionState");
request.getSession().invalidate();
response.sendRedirect("/BMS/logout_success.jsp");
sessionState is the VO where iam keeping all the objects i want to keep in
session..Is there any way in struts to make sure that it won't display the
page like above..
Thanks
Priya.
Re: Back Button Problem..
Posted by Marcelo Morales <ma...@redcetus.com>.
Hello again
On Dec 22, 2005, at 3:27 PM, Priya Saloni wrote:
> Hi Marcelo,
>
> //You solve this issue with a redirtect-after-post hack on the logoff
> //action.
>
> Thats what iam doing in the following code..
>
> request.getSession().removeAttribute("sessionState");
> request.getSession().invalidate();
> response.sendRedirect("/BMS/logout_success.jsp");
Yep, That's quite odd. I suppose you must be doing some nonstandard
processing. I was having throuble with this issue myself. I kindda
solved it the way everybody else told you to.
This is as usefull as i can be:
First, debug your HTTP conversations. Use an HTTP Monitor (something
like NetBeans' HTTP monitor) or a tool like wget (use it with the -S
modifier). Ckeck for the next headers: Pragma, Expires, Client-Date
and Date.
Secondly, check for the standard browser configuration. In IEs,
Mozillas and operas there are some nasty configurations regarding
history and cache. So I'm not sure if there is a complete solution
available. Had no time to test most of nonstandard configurations.
Last time i checked, Opera still showed the secured pages when going
back.
Finally, if you check out the javadoc for RequestProcessor, there is
this note:
method:
processNoCache
on class:
org.apache.struts.action.RequestProcessor
<quot>
NOTE - This header will be overridden automatically if a
RequestDispatcher.forward call is ultimately invoked.
</quot>
I'm not sure what it means but you may take a look.
There were some discusions back on dec 1st or 3rd on this same list
regarding this same problem. I think this discussion comes and goes
every couple of months or so. Is there already an answer on the
archives?. i bet there is. We may be just making more noise than we
should.
> //This you solve by putting nocache=true in the <controller>
> element in
> //the struts configuration file
>
> here is the code i added into my struts-config.xml file
>
>
> <action-mappings>
>
> //Different Actions..
>
> </action-mappings>
>
> <controller nocache="true">
>
> </controller>
> Iam Still Getting the same problem.In IE i have to hit back button
> severel
> times continuously to to the secured pages after logout.But in
> Firefox its
> displaying with Single hit to Back Button.
>
> Thanks For Your time
>
> Priya
Hope i helps
Regards
Marcelo Morales
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Back Button Problem..
Posted by Priya Saloni <sa...@gmail.com>.
Hi Marcelo,
//You solve this issue with a redirtect-after-post hack on the logoff
//action.
Thats what iam doing in the following code..
request.getSession().removeAttribute("sessionState");
request.getSession().invalidate();
response.sendRedirect("/BMS/logout_success.jsp");
//This you solve by putting nocache=true in the <controller> element in
//the struts configuration file
here is the code i added into my struts-config.xml file
<action-mappings>
//Different Actions..
</action-mappings>
<controller nocache="true">
</controller>
Iam Still Getting the same problem.In IE i have to hit back button severel
times continuously to to the secured pages after logout.But in Firefox its
displaying with Single hit to Back Button.
Thanks For Your time
Priya
On 12/22/05, Marcelo Morales <ma...@redcetus.com> wrote:
>
> Hello
> On Dec 16, 2005, at 10:48 AM, Priya Saloni wrote:
>
> > Hi there,
> >
> > I facing a BIG problem in my struts based application.When i logout my
> > website and hit back button it showing a page like the following
> >
> > //
> > Warning: Page has Expired
> > The page you requested was created using information you submitted
> > in a
> > form. This page is no longer available. As a security precaution,
> > Internet
> > Explorer does not automatically resubmit your information for you.
> >
> > To resubmit your information and view this Web page, click the
> > *Refresh*button.
> >
>
> You solve this issue with a redirtect-after-post hack on the logoff
> action.
>
> >
> > //
> >
> > When i refresh the page its showing the secured web pages too.
>
> This you solve by putting nocache=true in the <controller> element in
> the struts configuration file
>
>
> > My code in
> > LogoutAction is as follows
> >
> > request.getSession().removeAttribute("sessionState");
> > request.getSession().invalidate();
> > response.sendRedirect("/BMS/logout_success.jsp");
>
> This is correct. Should do the tick
>
> >
> > sessionState is the VO where iam keeping all the objects i want to
> > keep in
> > session..Is there any way in struts to make sure that it won't
> > display the
> > page like above..
> >
> > Thanks
> >
> > Priya.
>
>
> Hope It helps
>
>
> Marcelo Morales
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>
Re: Back Button Problem..
Posted by Marcelo Morales <ma...@redcetus.com>.
Hello
On Dec 16, 2005, at 10:48 AM, Priya Saloni wrote:
> Hi there,
>
> I facing a BIG problem in my struts based application.When i logout my
> website and hit back button it showing a page like the following
>
> //
> Warning: Page has Expired
> The page you requested was created using information you submitted
> in a
> form. This page is no longer available. As a security precaution,
> Internet
> Explorer does not automatically resubmit your information for you.
>
> To resubmit your information and view this Web page, click the
> *Refresh*button.
>
You solve this issue with a redirtect-after-post hack on the logoff
action.
>
> //
>
> When i refresh the page its showing the secured web pages too.
This you solve by putting nocache=true in the <controller> element in
the struts configuration file
> My code in
> LogoutAction is as follows
>
> request.getSession().removeAttribute("sessionState");
> request.getSession().invalidate();
> response.sendRedirect("/BMS/logout_success.jsp");
This is correct. Should do the tick
>
> sessionState is the VO where iam keeping all the objects i want to
> keep in
> session..Is there any way in struts to make sure that it won't
> display the
> page like above..
>
> Thanks
>
> Priya.
Hope It helps
Marcelo Morales
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Back Button Problem..
Posted by Michael Jouravlev <jm...@gmail.com>.
For some reason your redirect does not work. Maybe session is not
invalidated as well? Is this piece of code ever evaluated?
Michael.
On 12/16/05, Priya Saloni <sa...@gmail.com> wrote:
> Hi there,
>
> I facing a BIG problem in my struts based application.When i logout my
> website and hit back button it showing a page like the following
>
> //
> Warning: Page has Expired
> The page you requested was created using information you submitted in a
> form. This page is no longer available. As a security precaution, Internet
> Explorer does not automatically resubmit your information for you.
>
> To resubmit your information and view this Web page, click the *Refresh*button.
>
>
> //
>
> When i refresh the page its showing the secured web pages too.My code in
> LogoutAction is as follows
>
> request.getSession().removeAttribute("sessionState");
> request.getSession().invalidate();
> response.sendRedirect("/BMS/logout_success.jsp");
>
> sessionState is the VO where iam keeping all the objects i want to keep in
> session..Is there any way in struts to make sure that it won't display the
> page like above..
>
> Thanks
>
> Priya.
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org