aspose file tools*
The moose likes Servlets and the fly likes Implemented a filter, trying to prevent caching during logout from servlet. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Implemented a filter, trying to prevent caching during logout from servlet." Watch "Implemented a filter, trying to prevent caching during logout from servlet." New topic
Author

Implemented a filter, trying to prevent caching during logout from servlet.

Steven Mac
Greenhorn

Joined: May 27, 2010
Posts: 13
Hey Guys,

I was doing some reading this morning about trying to use filters to prevent caching and implemented a filter for now. I do have the Filter working and being called as defined in my web.xml. I put the recommended setHeader to prevent Firefox from caching when I logout. It appears that my invalidate() is working properly, but the ability to type the servlet name I just came from or hitting the back button seems to keep the old stuff. Is there a definite solution of what I must do to prevent someone from typing in the servlet or hitting the back button, being forced to re-login in again to access those pages? What would be the correct fix?

Being new to using filters, it seems that when I load the page the filter is being called. As it is being called, I would expect those variables for the header be defined for the browser, but seems to have no affect with the latest Firefox. Am I missing something specifically defined to tell Firefox how to behave? The same would be true for IE and Chrome.

Thanks for your help... Steven




<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>
com.filter.SessionFilter
</filter-class>
</filter>

<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60053
    
  65

Is there anything preventing people from accessing the pages when not logged in? If not, then typing in the URL will simply show them the page. Or is that implemented with a different filter?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Steven Mac
Greenhorn

Joined: May 27, 2010
Posts: 13
Thanks for responding. When coming in brand new (the landing page not visited), it detects that a set attribute is missing and will do a redirect so the user can't go directly to. Here is flow:

Login
--> Landing Page
--> User selects Logoff
->Back to Login page

As you had mentioned, the user can hit the back button or simple type in the landing page servlet name as the URL, and they are back on the landing page. I want to prevent that from happening, but it seems everything I have tried has not yet worked in a Firefox browser to prevent it from loading cache. If they hit logout, I want them to then log back in again, not accessing the landing page by hitting the back button.

Thank you!
vipul bondugula
Ranch Hand

Joined: Oct 14, 2010
Posts: 218
Steven Mac wrote:
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>
com.filter.SessionFilter
</filter-class>
</filter>

<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>




You mentioned when logged off, filter will be executed. According to your configuration, filter will be executed for every request.


Thanks
Vipul Kumar
vipul bondugula
Ranch Hand

Joined: Oct 14, 2010
Posts: 218


I have done modification for your code. check it once.

Thanks
Vipul
Steven Mac
Greenhorn

Joined: May 27, 2010
Posts: 13
Hi Vipul,

Yes, I wanted to have the filter execute everytime to indicate that I don't want caching of the webpage so that when the user logs out, and they attempt to hit the back button in Firefox (or any other browser), they cannot see the previous page and must be forced to log back in. I tried the response.setHeaders below, but they are not working to prevent caching of the pages. Another way that would work for me based upon how my code is set up is I just need a simple page refresh from the server because the session should be invalidated with attributes removed, redirecting the user back to login.

To restate the issue: I want to prevent the caching of a web page once the user has logged out and being able to go back to previous page. I read that a filter was good to use as it can execute for each servlet/jsp. Any thoughts on this?

This doesn't seem to be working:

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Implemented a filter, trying to prevent caching during logout from servlet.
 
Similar Threads
Session Management with Ajax
Filters and GZip
Struts 2 - logout - prevent back button
Setting response headers conditionally
org.springframework.web.HttpSessionRequiredException: Session attribute 'user' required - not found