Session problem or the browser problem?

HI friends,
I developed a simple application which need user to login and logout.
The problems is when user logout and then he click the back button for more many time, he will get a message from the browser which is:

// Mozilla Firefox
The page you are trying to view contains POSTDATA that has expired from cache. If you resend the data, any action from the form carried out (such as a search or online purchase) will be repeated. To resend the data, click OK. Otherwise, click Cancel.
//or in IE
Warning: Page has expired
The page you requested was created using information you submitted in a form. This page is no longer available. As a security precaution, Internet Explorer does not automatically resubmit your information for you.
To resubmit your information and view this Web page, click the Refresh button.

So if he click ok(Firefox)/Refresh(IE), then he will get back the page b4 login, and of cause it is not secure if the page previous contains an important data.

Actually, I refer this article as my guidance:
http://www.javaworld.com/javaworld/jw-09-2004/jw-0927-logout.html

//this is some code in my logout.jsp
session.setAttribute("dbHost",null); session.setAttribute("dbUser",null); session.setAttribute("dbPassword",null); session.removeAttribute("dbHost"); session.removeAttribute("dbUser"); session.removeAttribute("dbPassword"); session.removeAttribute("dbName"); session.removeAttribute("tblName"); session.invalidate(); response.sendRedirect("index.jsp");

//all my jsp pages after login, I put
response.setHeader("Cache-Control","no-cache response.setDateHeader("Expires", 0); response.setHeader("Pragma","no-cache"); response.addHeader("Cache-Control","no-store"); response.addHeader("Cache-control", "max-age=0"); String dbHost = (String) session.getAttribute("dbHost"); String dbUser = (String) session.getAttribute("dbUser"); String dbPassword = (String) session.getAttribute("dbPassword"); if((null == dbHost)&&(null == dbUser)&&(null == dbPassword)) { request.setAttribute("Error", "Session has ended. Please login."); RequestDispatcher rd = request.getRequestDispatcher("expired.jsp"); rd.forward(request, response); }

I have tried to print out the value of dbHost at logout.jsp, and I checked at my LogFile the value is null but then, after do a test by click the back button the value is the same like b4 logout.

When I did some searching I found this article by the same author
http://www.javaworld.com/javaworld/jw-10-2006/jw-1006-logout.html?page=1

But, it is a little bit difficult for me coz I totally don�t know about JSF and Stripe. Honestly, I am new in java.

So my dear friends, could you help me out or have any idea?
Thanks in advance for any hints
Regards
-paoh-

This happens any time you try to back into or refresh a page that was drawn in response to a request of type POST.
The simplest way to avoid this is not to draw pages in response to form posts.
The Post-Redirect-Get pattern solves this problem by redirecting to the response page after a post request.

Bear Bibault discusses this pattern in the following article:
http://www.javaranch.com/journal/200603/Journal200603.jsp#a5

Hi Ben,
I have read the article. So I tried to implement the PRG Technique to my application. But honestly, I not sure whether I am do it correctly or not...

To be concise on what I have done, below is the step I used during implemented this technique to my application:
1. I call my servlet page form a form. Example:
<form name="loginForm" method="post" action="LoginAction">
And sometimes I used jsp:forward.

2. I used this LoginAction as my Task Controller; then, after I did some processes here then I redirect it to another servlet page using this syntax:
response.sendRedirect("http://localhost:8080/GetDatabase");
But it got an error on it so I changed to a forward statement which is:
this.getServletContext().getRequestDispatcher("/GetDatabase").forward(request,response);

3. I used GetDatabase as my Page Controller, where it forward to jsp page using this syntax:
this.getServletContext().getRequestDispatcher("/showDb.jsp").forward(request,response);

After I deployed, I can run this application (it can show the information) but it is still not solve the logout problem. If not a burden, could you (or any one) please tell me whether I�m doing it (PRG Technique/Servlet) right or not? And could you recommend/suggest me, any tutorial/web site that I can use this technique to solve the problem?

Thanks in advance for any hints
Regards
-paoh-

I used to have such problem long back. This is because, after a successful login we set some attributes in the session. These session objects are responsible for the pages to be displayed correctly. I hope you are passing some url parameters and these url parameters are from the session. The reason why you get the "Page Expired" is, after you logout and go back, the session objects will be null and the url parameters(which are the session objects) also will be null. After logout, all the session objects will be removed and thus you can't view the pages. When the session is null we normally forward the page to login page.Let me know if I am wrong.

Thanks,
Rama Krishna Ghanta

...But it got an error on it so I changed to a forward statement which is:..

If you're forwarding, then you're not implementing PRG properly.
The key is to do a redirect which causes the browser to make a new GET request.

Find out what was causing the problem with sendRedirect.

I've just added a simple JSP example of the Post-Redirect-Pattern to the JspFaq.

http://faq.javaranch.com/view?PostRedirectGet
[ January 03, 2007: Message edited by: Ben Souther ]

Thanks Ben. The example you gave really help me a lots =)... After I did some changing to my codes by referring to the example, finally the logout problem was solved.

Refer to my previous post in this topic, I changed the step 2 with :
response.sendRedirect(request.getContextPath()+"/GetDatabase");

And each of my Page Controller (servlets), I add the code like below, and then I forward it to jsp page (same like step 3). If I did not put this code, it will show the server error message.
response.setHeader("Cache-Control","no-cache response.setDateHeader("Expires", 0); response.setHeader("Pragma","no-cache"); response.addHeader("Cache-Control","no-store"); response.addHeader("Cache-control", "max-age=0"); String dbHost = (String) session.getAttribute("dbHost"); String dbUser = (String) session.getAttribute("dbUser"); String dbPassword = (String) session.getAttribute("dbPassword"); if((null == dbHost)&&(null == dbUser)&&(null == dbPassword)) { request.setAttribute("Error", "Session has ended. Please login."); RequestDispatcher rd = request.getRequestDispatcher("expired.jsp"); rd.forward(request, response); }

Let me know if I am doing it wrong. And also thanks to Rama for the information given =)...

Terima kasih->thank you
Regards
-paoh-