This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
we have a web application. The first page is Login.jsp. After log in, we get the second page YourAccount.jsp. It display the use Id and other related infomation.
It works well when we visit it directly with browser. But if the customer visits the login.jsp via their proxy. They first use userid1 to log in, they get userid1 in the YourAccount.jsp. It is correct. Then they use userid2 to log in, they still get userid1 in the YourAccount.jsp. At first we think it's proxy cache problem. We add the following statements in the begining of YourAccount.jsp. response.setHeader("Pragma", "no-cache"); response.setHeader("Cache-Control", "no-cache"); response.setDateHeader("Expires", 0); It doesn't work. Then we change our LoginServlet(Login.jsp-->LoginServlet-->YourAccount.jsp) to add userid at the end of the YourAccount.jsp(YourAccount.jsp?userid=useridVar). Although userid parameter is no use for us. It works this time. Is it possible that the customer disable the cookie to cause this problem? Should I use response.sendRedirect(response.encodeRedirectedURL("../CG/YourAccount.jsp")) to solve this problem? Thanks in advance
One of our bartenders once told a story about having to add 'dummy' parameters onto his web page URLs, in order for a badly misbehaving caching proxy server to stop caching his pages.
A 'plain' URL like "accountinfo.jsp" might not be seen as dynamic by the proxy, even though you've set the appropriate headers. But the inclusion of a querystring (ANY querystring) worked.
You might be running in to the same problem.
The other thing to be sure and investigate is :
log in as user 1 logout and *clear the browser cookies to be sure* log in as user 2 If you get the correct behaviour, without the querystring 'fix', then perhaps there is an issue with how you store the user's id (like by using a <%! tag instead of <%
Joined: May 20, 2003
Mike, thanks for your reply. It seems each time we use session value, the url is the same for the silly proxy. We have to add session id at the end of the url to cheat the proxy when we use session value.