I am facing a strange scenario in WSAD-webspere while trying to access the application through IP address. I am using wsad for the developing the web application ,it had the form based authentication mechanism <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/view/jsp/LoginPage.jsp</form-login-page> <form-error-page>/view/jsp/errorLogin.jsp</form-error-page> </form-login-config> and have a jsp page with a form submitting to �ibm_security_logout�. When we access the application the running on the local PC with http�//localhost:�..followed by the context and the relevant folder structure it works just fine. But when we start accessing the same application through the IP address URL i.e at the place of �localhost� if we put ip address of the machine we get different result some how it retains first logged in users data and continue showing it with the next logged in user even after first user logged from the application. Just to make sure that its not specific to WSAD I created a domain on Webspere server and mapped it to IP address of the Webspere server. So that I could access the application deployed on webspere server using the IP addres URL i.e http://965.34.476.454:9080/ContextXYZ/view/jsp/LoginPage.jsp its behaving in the same strange manner retaining the data of the first logged in user and showing it to all other subsequent loggers even after the first user has logged out.
Please suggest me is it some thing to do with the erroneous implementation of the form based Authentication in the application (we are not using the separate logged off page and simply redirecting the user to login page) Or it has some thing to do with the ip address access in WSAD-Webspher. Strange part is same application behaves fine when accessed through the local host URL on same machine and if accessed through mapped URL on web sphere. I know you all must be in a holiday mood with this long week end,but I can`t relax till the time I get solution for this scenario ,I will highly appreciate any help on this.
Try telling the web browser not to cache any information sent by the application. A good way to do this which I've implemented before is to use a Filter that filters all requests and add the following to the response (as illustrated in JavaServer Pages, 3rd edition Hans Bergsten):
I don't think all of that is necessary, but you can decide which headers you want to add or set, and apply those to each response using a filter.
Also, this may be obvious, but if you're using Application scoped variables to store user information, that could be a cause too.