Internet Explorer Back Button

Posts: 3
I am developing a web site. In it I am using the filters concept for authentication purposes. But my problem is this: whenever a user enters his username and password, the filter automatically checks whether this user exists or not. If the user exists, then control goes to our member area, i.e., enters our web site. In that there are many links; if you click on any link, the cursor goes to that page. On that page I log out of the site (for our interest). Then the cursor goes to the admin page (that is set in the filter). If at this time I press the Internet Explorer Back button, then control goes to whatever link I previously logged out from. This is the actual problem.

But I am using cache methods also.
Ranch Hand
Posts: 186
Why not store the authentication information in a session attribute and check for that in your filter?

Also, consider using form-based container managed authentication and authorisation.
Ranch Hand
Posts: 429
Two possible causes for the problem:

1. Your filter doesn't map to the linked pages. It must cover everything that you want to protect, not just your main page.

2. Even if the filter covers everything, the browser stores the pages in a cache. When the user clicks "Back", the browser can use the cached pages without actually asking the server for the page again. This means the server doesn't even know that the user is viewing the page a second time, so the filter becomes useless.

For case 2, all the pages you want to protect need to set headers that would tell the browser to never cache the pages.

Try putting the following three calls in the doFilter() of the filter:

response.setHeader("Cache-Control", "no-cache");
response.setHeader("Pragma", "no-cache");

This way no page retrieved through the filter will be cached by browsers that respect these headers.

Note that if your filter only protects the main page, you need to follow Daniel's advice and have each page check the session to see if the user is logged in or not. In this case the headers must be set in every page to make sure they are not cached.

[ August 18, 2005: Message edited by: Yuriy Zilbergleyt ]
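
Combining the two replies above (session check plus no-cache headers in one filter), as an added example that is not code from the original thread. It goes one step beyond the headers in the post by adding `no-store`, `must-revalidate` and an `Expires` header, since `no-cache` alone still lets a browser keep a copy. The class name, the `user` session attribute and the `/login.jsp` and `/login` paths are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: session check plus anti-caching headers in one filter. */
public class AuthNoCacheFilter implements Filter {
    // Assumed names: the login servlet stores the user under USER_ATTR on success.
    private static final String USER_ATTR = "user";
    private static final String LOGIN_PAGE = "/login.jsp";
    private static final String LOGIN_ACTION = "/login";

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Set on every response, before anything is written, so that "Back"
        // forces a new request instead of replaying a stored copy.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
        response.setHeader("Pragma", "no-cache");   // HTTP/1.0 clients
        response.setDateHeader("Expires", 0);        // already expired

        // Let the login form and its handler through, otherwise the redirect loops.
        String path = request.getServletPath();
        if (LOGIN_PAGE.equals(path) || LOGIN_ACTION.equals(path)) {
            chain.doFilter(req, res);
            return;
        }

        // getSession(false): never create a session just to test for one.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            // After logout (session.invalidate()) the re-requested page lands here.
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }
        chain.doFilter(req, res);
    }
}
```

Map the filter to `/*` in `web.xml` so it covers every linked page (case 1 above), and have the logout handler call `session.invalidate()` so the session check fails once the browser re-requests the page.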