• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Cacheing problem in JSP's

 
B Mampilli
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,
This was a question I was asked in the Interview.
I create a JSP and host it on the server. This JSP is shown after the User has entered his Login name and password and clicked on submit. When this page is shown in the browser it gets stored in the cache.
Later, I again login, this time instead of validating the user name and password, the browser just shows me the page which existed in cache. How can I solve this problem of cacheing in JSP's.
Assume that I am using the Tomcat server.
Regards,
Boney
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"Boney M",
Your name does not comply to the JavaRanch naming standard.
Please see here for more information then edit your profile.
Accounts with invalid display names get deleted, and it is likely that yours will be deleted soon
Thanks,
Dave.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any page that exists in a secured site should inform the browser not to cache the page. If the page is encrypted (ie HTTPS) then usually the page will not be cached.
Asking that a page not be cached is a part of the HTTP protocol and not controlled by the JSP, but there are some helper methods to make it easier to send the HTTP instructions.
Before I pass the Jave code on, you should also be aware that caching is performed in other places and not just the browser, this is why it includes instructions to remove the cache from proxies.
I tend to use the following code:

Dave
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry, "Boney" is still not valid.
Your name must be two words, firstname lastname, your first name can be an initial but your last cannot, it cannot be obviously fictitious, and we strongly recommend using your real name.
thanks,
Dave
 
B Mampilli
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I hope its ok now...
But Boney IS my name.
Anyway...
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yep, strange thing about our naming convention:
B Mampilli is valid.
Boney Mampilli is valid.
Boney M is not.

There's no point arguing the point with the management, we've had the conversation many times!
Thanks for changing your display name though.

[ I appear to have a problem with typing ]
[ June 11, 2003: Message edited by: David O'Meara ]
 
B Mampilli
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's ok..
Now back to my question...
The interviewer had said that when a request is sent by the html page to the server for a jsp page or a servlet, the request is not serviced by the server, instead, the html page which is existing in the cache is displayed in the browser.
Boney
 
Rohit Ahuja
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I had used the code that u just used about the header, but then is this code for the server side or the browser side??
 
SJ Adnams
Ranch Hand
Posts: 925
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
stick a random key-pair on the end of the request
 
David Hibbs
Ranch Hand
Posts: 374
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by B Mampilli:
The interviewer had said that when a request is sent by the html page to the server for a jsp page or a servlet, the request is not serviced by the server, instead, the html page which is existing in the cache is displayed in the browser.

Just as a point of clarification, HTML pages do not send reqests. For that matter, they don't do anything at all except sit there and (hopefully) look pretty.
If you click a link on that page, you (via your browser) now issue a new request to the server.
Anyway, more to the point of the question...
a) you can (and should) have your login process check to make sure the username in the session matches the one from the login form
b) use the random keypair method mentioned
c) use the headers already mentioned
d) clear the session on a logout
Note that I recommend all of the above, because inevitably caching is up to the browser.
Once an HTML page is rendered back to the browser, the server doesn't keep track of what you do. However, your *browser* does--you can see this in your page history. It is up to the *browser* to
a) determine whether to cache a page
b) check for a page in the cache
In the case of a proxy, there's another layer of possible caching, because the proxy is basically a browser itself, checking pages etc.
Hence, with browsers and proxies being prone to changes, coming and going, etc, you can't 100% trust the headers to do what you want on every single browser and every single proxy.
So, the random key method is probably the most effective. That said, try to be paranoid and do all of the above. Unfortunately, though, you can't do anything about users who don't log out and leave the page open on a publich machine.
 
B Mampilli
Ranch Hand
Posts: 61
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yup, when i said an html page sending a request, i meant calling a servlet or JSP from an HTML page.
I dont know what you mean by the Random Key Pair Method. Could you please explain it?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic