This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes JSP and the fly likes Cacheing problem in JSP's Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Cacheing problem in JSP Watch "Cacheing problem in JSP New topic
Author

Cacheing problem in JSP's

B Mampilli
Ranch Hand

Joined: Aug 05, 2002
Posts: 61
Hi all,
This was a question I was asked in the Interview.
I create a JSP and host it on the server. This JSP is shown after the User has entered his Login name and password and clicked on submit. When this page is shown in the browser it gets stored in the cache.
Later, I again login, this time instead of validating the user name and password, the browser just shows me the page which existed in cache. How can I solve this problem of cacheing in JSP's.
Assume that I am using the Tomcat server.
Regards,
Boney
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

"Boney M",
Your name does not comply to the JavaRanch naming standard.
Please see here for more information then edit your profile.
Accounts with invalid display names get deleted, and it is likely that yours will be deleted soon
Thanks,
Dave.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Any page that exists in a secured site should inform the browser not to cache the page. If the page is encrypted (ie HTTPS) then usually the page will not be cached.
Asking that a page not be cached is a part of the HTTP protocol and not controlled by the JSP, but there are some helper methods to make it easier to send the HTTP instructions.
Before I pass the Jave code on, you should also be aware that caching is performed in other places and not just the browser, this is why it includes instructions to remove the cache from proxies.
I tend to use the following code:

Dave
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Sorry, "Boney" is still not valid.
Your name must be two words, firstname lastname, your first name can be an initial but your last cannot, it cannot be obviously fictitious, and we strongly recommend using your real name.
thanks,
Dave
B Mampilli
Ranch Hand

Joined: Aug 05, 2002
Posts: 61
I hope its ok now...
But Boney IS my name.
Anyway...
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Yep, strange thing about our naming convention:
B Mampilli is valid.
Boney Mampilli is valid.
Boney M is not.

There's no point arguing the point with the management, we've had the conversation many times!
Thanks for changing your display name though.

[ I appear to have a problem with typing ]
[ June 11, 2003: Message edited by: David O'Meara ]
B Mampilli
Ranch Hand

Joined: Aug 05, 2002
Posts: 61
It's ok..
Now back to my question...
The interviewer had said that when a request is sent by the html page to the server for a jsp page or a servlet, the request is not serviced by the server, instead, the html page which is existing in the cache is displayed in the browser.
Boney
Deepak A
Ranch Hand

Joined: Oct 04, 2001
Posts: 121
I had used the code that u just used about the header, but then is this code for the server side or the browser side??


Face Off.
SJ Adnams
Ranch Hand

Joined: Sep 28, 2001
Posts: 925
stick a random key-pair on the end of the request
David Hibbs
Ranch Hand

Joined: Dec 19, 2002
Posts: 374
Originally posted by B Mampilli:
The interviewer had said that when a request is sent by the html page to the server for a jsp page or a servlet, the request is not serviced by the server, instead, the html page which is existing in the cache is displayed in the browser.

Just as a point of clarification, HTML pages do not send reqests. For that matter, they don't do anything at all except sit there and (hopefully) look pretty.
If you click a link on that page, you (via your browser) now issue a new request to the server.
Anyway, more to the point of the question...
a) you can (and should) have your login process check to make sure the username in the session matches the one from the login form
b) use the random keypair method mentioned
c) use the headers already mentioned
d) clear the session on a logout
Note that I recommend all of the above, because inevitably caching is up to the browser.
Once an HTML page is rendered back to the browser, the server doesn't keep track of what you do. However, your *browser* does--you can see this in your page history. It is up to the *browser* to
a) determine whether to cache a page
b) check for a page in the cache
In the case of a proxy, there's another layer of possible caching, because the proxy is basically a browser itself, checking pages etc.
Hence, with browsers and proxies being prone to changes, coming and going, etc, you can't 100% trust the headers to do what you want on every single browser and every single proxy.
So, the random key method is probably the most effective. That said, try to be paranoid and do all of the above. Unfortunately, though, you can't do anything about users who don't log out and leave the page open on a publich machine.


"Write beautiful code; then profile that beautiful code and make little bits of it uglier but faster." --The JavaPerformanceTuning.com team, Newsletter 039.
B Mampilli
Ranch Hand

Joined: Aug 05, 2002
Posts: 61
Yup, when i said an html page sending a request, i meant calling a servlet or JSP from an HTML page.
I dont know what you mean by the Random Key Pair Method. Could you please explain it?
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Cacheing problem in JSP's
 
Similar Threads
Caching is not working
caching problem!!!!
I need help on developing login/logout application using struts2 frame work
Directing login errors to form-login-page -- spurious login error message
Access protected folder without password