[thelist] Jsp Expiration

Anand, Sashi sanand at probusiness.com
Mon Apr 16 15:40:17 CDT 2001


	I was wondering if you could give me a hand with some strange JSP
behavior using JRun and Apache. In my servlet, I have the following lines to
tell the browser not to cache the JSP that I dispatch to:

	response.setHeader("Pragma", "no-cache");
	response.setHeader("cache-control", "no-store");
	response.setDateHeader("Expires", 0);

	We have the equivalent approach with our ASP pages. The problem
occurs when the user clicks on the log off link. The cookie get erased
properly, but when the user clicks the back button, they can see the page
that they were on before they logged off. If the user clicks refresh, the
page reloads, detects that there is no cookie, and sends them to the logon
page. I thought that since I set the headers to expire the page, when the
user clicks back after they logoff, the browser would automatically refresh
the page, detect the missing cookie, and redirect to the logon screen. But,
for whatever reason, the expiration directives are not behaving the same as
ASP/IIS. I have fooled around with Apache's httpd.conf file to load the
mod_expiration module. I also added the directives to turn expiration on,
and expire all content immediately, to no avail.

	Have you run into this problem ? If so, what steps did you take to
prevent this?

rgds
Sashi
Sashi Anand Sundaravadanam
ProBuisness R&D Internet


Tel - (925)737-7171 (O)
Room No: NC16
http://www.probusiness.com





More information about the thelist mailing list