Has anyone had problems with pages being cached by the browser?
I implemented a SSO solution, which seems to be working except for one snag: The pages appear to be getting cached and aren't reloading.
If the user clicks on the Log In button, it takes them to another web app where they can log in. When done, it redirects them back to the main forum page, but it doesn't show them as logged in until I manually click on the Reload button on the browser. The same thing happens with Log Out.
Basically, anything that causes the page to reload will fix re-sync the display, which what makes me think this is a cache problem. But every page includes a no-cache meta tag, so I'm not sure who would be caching it.
Any thoughts? [originally posted on jforum.net by jbucanek]
OK, I've done a little more experimentation and it appears that it is not a page caching problem. JForum is not refreshing the session state of the user when the user logs out via a redirected SSO.
Here's what I've got in SystemGlobals.properties
note: there's a bug in how JForum handles redirects to sso.redirect which I had to fix. I'll post a bug report and the fix for this in a moment.
When the user clicks on login, JForum redirects to my login URL. After login, my main webapp redirects them back to the JForum URL that was passed to it via the login URL. I verified that JForum gets a request to reload the page. But SSO.isSessionValid() is never called, so JForum redisplays the page as if the user is still not logged in.
For logging out, I managed to fix this problem by setting the return URL to ${JForumContext.encodeURL("/user/logout")}. So the log out link takes the user to the log out page on my web app, then redirects them back to /user/logout. This correctly clears the logged-in state and the page draws correctly.
So what do I need to do to get JForum to check for an invalid user session when it comes back from sso.redirect? Or, said another way, way isn't the return URL expecting that the user session state has changed?
