Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Implemented a filter, trying to prevent caching during logout from servlet.

 
Steven Mac
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey Guys,

I was doing some reading this morning about trying to use filters to prevent caching and implemented a filter for now. I do have the Filter working and being called as defined in my web.xml. I put the recommended setHeader to prevent Firefox from caching when I logout. It appears that my invalidate() is working properly, but the ability to type the servlet name I just came from or hitting the back button seems to keep the old stuff. Is there a definite solution of what I must do to prevent someone from typing in the servlet or hitting the back button, being forced to re-login in again to access those pages? What would be the correct fix?

Being new to using filters, it seems that when I load the page the filter is being called. As it is being called, I would expect those variables for the header be defined for the browser, but seems to have no affect with the latest Firefox. Am I missing something specifically defined to tell Firefox how to behave? The same would be true for IE and Chrome.

Thanks for your help... Steven




<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>
com.filter.SessionFilter
</filter-class>
</filter>

<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64975
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there anything preventing people from accessing the pages when not logged in? If not, then typing in the URL will simply show them the page. Or is that implemented with a different filter?
 
Steven Mac
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks for responding. When coming in brand new (the landing page not visited), it detects that a set attribute is missing and will do a redirect so the user can't go directly to. Here is flow:

Login
--> Landing Page
--> User selects Logoff
->Back to Login page

As you had mentioned, the user can hit the back button or simple type in the landing page servlet name as the URL, and they are back on the landing page. I want to prevent that from happening, but it seems everything I have tried has not yet worked in a Firefox browser to prevent it from loading cache. If they hit logout, I want them to then log back in again, not accessing the landing page by hitting the back button.

Thank you!
 
vipul bondugula
Ranch Hand
Posts: 219
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Steven Mac wrote:
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>
com.filter.SessionFilter
</filter-class>
</filter>

<filter-mapping>
<filter-name>SessionFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>




You mentioned when logged off, filter will be executed. According to your configuration, filter will be executed for every request.
 
vipul bondugula
Ranch Hand
Posts: 219
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


I have done modification for your code. check it once.

Thanks
Vipul
 
Steven Mac
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Vipul,

Yes, I wanted to have the filter execute everytime to indicate that I don't want caching of the webpage so that when the user logs out, and they attempt to hit the back button in Firefox (or any other browser), they cannot see the previous page and must be forced to log back in. I tried the response.setHeaders below, but they are not working to prevent caching of the pages. Another way that would work for me based upon how my code is set up is I just need a simple page refresh from the server because the session should be invalidated with attributes removed, redirecting the user back to login.

To restate the issue: I want to prevent the caching of a web page once the user has logged out and being able to go back to previous page. I read that a filter was good to use as it can execute for each servlet/jsp. Any thoughts on this?

This doesn't seem to be working:

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic