This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
HI friends, I developed a simple application which need user to login and logout. The problems is when user logout and then he click the back button for more many time, he will get a message from the browser which is:
// Mozilla Firefox The page you are trying to view contains POSTDATA that has expired from cache. If you resend the data, any action from the form carried out (such as a search or online purchase) will be repeated. To resend the data, click OK. Otherwise, click Cancel. //or in IE Warning: Page has expired The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you. To resubmit your information and view this Web page, click the Refresh button.
So if he click ok(Firefox)/Refresh(IE), then he will get back the page b4 login, and of cause it is not secure if the page previous contains an important data.
This happens any time you try to back into or refresh a page that was drawn in response to a request of type POST. The simplest way to avoid this is not to draw pages in response to form posts. The Post-Redirect-Get pattern solves this problem by redirecting to the response page after a post request.
Hi Ben, I have read the article. So I tried to implement the PRG Technique to my application. But honestly, I not sure whether I am do it correctly or not...
To be concise on what I have done, below is the step I used during implemented this technique to my application: 1. I call my servlet page form a form. Example:
And sometimes I used jsp:forward.
2. I used this LoginAction as my Task Controller; then, after I did some processes here then I redirect it to another servlet page using this syntax:
But it got an error on it so I changed to a forward statement which is:
3. I used GetDatabase as my Page Controller, where it forward to jsp page using this syntax:
After I deployed, I can run this application (it can show the information) but it is still not solve the logout problem. If not a burden, could you (or any one) please tell me whether I�m doing it (PRG Technique/Servlet) right or not? And could you recommend/suggest me, any tutorial/web site that I can use this technique to solve the problem?
I used to have such problem long back. This is because, after a successful login we set some attributes in the session. These session objects are responsible for the pages to be displayed correctly. I hope you are passing some url parameters and these url parameters are from the session. The reason why you get the "Page Expired" is, after you logout and go back, the session objects will be null and the url parameters(which are the session objects) also will be null. After logout, all the session objects will be removed and thus you can't view the pages. When the session is null we normally forward the page to login page.Let me know if I am wrong.