Folks,
I don't know if this is specifically
Struts related or not, but here goes. I have an application that uses Struts Tiles. At the basic level the user is presented a login page, he supplies credentials, once the credentials are validated an initial query is run and the user is presented with a summary page of the data. The state of the user is kept in a session variable. On the summary page there is a logout link. This invalidates the session and then goes back to the login page. The problem occurs if the user hits the browser back button after logging out. Initially the browser would say the page expired and to hit refresh. If that was done the form data would be reposted and the user would be fully logged back into the application without presenting any credentials. I fixed that by changing it to use a redirect instead of the forward to the summary page. Now when the user hits the back button after logging out, the summary page is redisplayed, but any attempt to do anything from there goes back to login page with the session expired message, as is expected. The problem is how to keep it from redisplaying the summary page at all from the back button. I can see the page in the browser cache. If I manually delete the summary page from the browser cache before hitting the back button, then all works as expected, it goes immediately to the login page. I have tried every manner of cache control in the baselayout.jsp, meta tags at the begnning and the end, as well as setHeader() calls. Nothing seems to stop the browser from caching the page. I know it's not going back to the server when the back button is hit, because I see no logs on the server. Also if I hit the refresh button at that point, it goes to the login page with the expires message as well. This is so frustrating. This is happening in both IE and FF.
Any suggestions would be greatly appreciated.
