You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Mohan <mo...@infotechsw.com> on 2005/05/24 07:05:48 UTC

Session-Problem

Hi All,


    I have problem in my application.In My application I have login and log
out functionality.When user clicks log-out I am removing the session and I
am redirectiong to Login page.So far it is working fine.But problem starts
here.If user clicks the back button of browser window.He is able to see the
last visited page .But I want to restrict him like ,once the user is logged
out .and if he clicks the back button I want him to redirect to the login
page or showing some message.

thanks and regards,
Mohan.


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Session-Problem

Posted by Viktar Duzh <du...@tut.by>.

Hi,

Try the following in yor struts-config file:

<controller nocache="true"/>

According to the struts-config.dtd file:

nocache         Set to "true" if you want the controller to add HTTP
                     headers for defeating caching to every response from
                     this module.  [false]


It should help.

Regards,

-- Viktar

----- Original Message ----- 
From: "Jorge Chacón Souto" <jo...@mundo-r.com>
To: "Struts Users Mailing List" <us...@struts.apache.org>
Sent: Tuesday, May 24, 2005 9:56 AM
Subject: Re: Session-Problem


>
> Hello,
>
> I have the same problem some days ago. I found two solutions: using 
> https(SSL) in the web server (if SSL really fits to your application 
> security requirements), since SSL web pages are not cached, or telling the 
> browser to don't cache the JSP page, so when the user clicks the back 
> button the browser will have to send a request.
>
>            response.setHeader("Cache-Control","no-cache"); //Forces caches 
> to obtain a new copy of the page from the origin server
>            response.setHeader("Cache-Control","no-store"); //Directs 
> caches not to store the page under any circumstance
>            response.setDateHeader("Expires", 0); //Causes the proxy cache 
> to see the page as "stale"
>            response.setHeader("Pragma","no-cache"); //HTTP 1.0 backward 
> compatibility
>
> More details on:
>
> http://www.javaworld.com/javaworld/jw-09-2004/jw-0927-logout.html
>
> Jorge.
>
>
> Mohan escribió:
>
>>Hi All,
>>
>>
>>    I have problem in my application.In My application I have login and 
>> log
>>out functionality.When user clicks log-out I am removing the session and I
>>am redirectiong to Login page.So far it is working fine.But problem starts
>>here.If user clicks the back button of browser window.He is able to see 
>>the
>>last visited page .But I want to restrict him like ,once the user is 
>>logged
>>out .and if he clicks the back button I want him to redirect to the login
>>page or showing some message.
>>
>>thanks and regards,
>>Mohan.
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>>For additional commands, e-mail: user-help@struts.apache.org
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org

Re: Session-Problem

Posted by Jorge Chacón Souto <jo...@mundo-r.com>.

Hello,

I have the same problem some days ago. I found two solutions: using 
https(SSL) in the web server (if SSL really fits to your application 
security requirements), since SSL web pages are not cached, or telling 
the browser to don't cache the JSP page, so when the user clicks the 
back button the browser will have to send a request.

            response.setHeader("Cache-Control","no-cache"); //Forces 
caches to obtain a new copy of the page from the origin server
            response.setHeader("Cache-Control","no-store"); //Directs 
caches not to store the page under any circumstance
            response.setDateHeader("Expires", 0); //Causes the proxy 
cache to see the page as "stale"
            response.setHeader("Pragma","no-cache"); //HTTP 1.0 backward 
compatibility

More details on:

http://www.javaworld.com/javaworld/jw-09-2004/jw-0927-logout.html

Jorge.


Mohan escribió:

>Hi All,
>
>
>    I have problem in my application.In My application I have login and log
>out functionality.When user clicks log-out I am removing the session and I
>am redirectiong to Login page.So far it is working fine.But problem starts
>here.If user clicks the back button of browser window.He is able to see the
>last visited page .But I want to restrict him like ,once the user is logged
>out .and if he clicks the back button I want him to redirect to the login
>page or showing some message.
>
>thanks and regards,
>Mohan.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
>For additional commands, e-mail: user-help@struts.apache.org
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org