File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Proxy problem or cookie disable Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Proxy problem or cookie disable" Watch "Proxy problem or cookie disable" New topic

Proxy problem or cookie disable

George Liao

Joined: May 20, 2003
Posts: 14
we have a web application. The first page is Login.jsp. After log in, we get the second page YourAccount.jsp. It display the use Id and other related infomation.

It works well when we visit it directly with browser. But if the customer visits the login.jsp via their proxy. They first use userid1 to log in, they get userid1 in the YourAccount.jsp. It is correct. Then they use userid2 to log in, they still get userid1 in the YourAccount.jsp. At first we think it's proxy cache problem. We add the following statements in the begining of YourAccount.jsp.
response.setHeader("Pragma", "no-cache");
response.setHeader("Cache-Control", "no-cache");
response.setDateHeader("Expires", 0);
It doesn't work.
Then we change our LoginServlet(Login.jsp-->LoginServlet-->YourAccount.jsp)
to add userid at the end of the YourAccount.jsp(YourAccount.jsp?userid=useridVar). Although userid parameter is no use for us. It works this time.
Is it possible that the customer disable the cookie to cause this problem?
Should I use response.sendRedirect(response.encodeRedirectedURL("../CG/YourAccount.jsp")) to solve this problem?
Thanks in advance
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

One of our bartenders once told a story about having to add 'dummy' parameters onto his web page URLs, in order for a badly misbehaving caching proxy server to stop caching his pages.

A 'plain' URL like "accountinfo.jsp" might not be seen as dynamic by the proxy, even though you've set the appropriate headers. But the inclusion of a querystring (ANY querystring) worked.

You might be running in to the same problem.

The other thing to be sure and investigate is :

log in as user 1
logout and *clear the browser cookies to be sure*
log in as user 2
If you get the correct behaviour, without the querystring 'fix', then perhaps there is an issue with how you store the user's id (like by using a <%! tag instead of <%
George Liao

Joined: May 20, 2003
Posts: 14
Mike, thanks for your reply. It seems each time we use session value, the url is the same for the silly proxy. We have to add session id at the end of the url to cheat the proxy when we use session value.
I agree. Here's the link:
subject: Proxy problem or cookie disable
It's not a secret anymore!