<%
response.setHeader("Cache-Control","no-cache,no-store,must-revalidate");//HTTP 1.1
response.setHeader("Pragma","no-cache"); //HTTP 1.0
response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>
After logout, on coming to the login page, if you click the back button it shows the old page as if it is logged in. I am using the above 3 lines in a JSP and I am including this in all my JSPs inside the body tag. This is not working for some JSPs. What are the things we need to consider for stopping caching after logout? If a JSP has a form with the POST method, does this technique not work?
In my Logout action I am doing this.
Cookie logoutCookie = new Cookie("somename", null);
logoutCookie.setPath("/somename");
logoutCookie.setMaxAge(0);
ServletActionContext.getResponse().addCookie(logoutCookie);
Thanks.
Have you tried this?
response.setHeader("Cache-control","no-store");
response.setHeader("Pragma","no-cache");
response.setDateHeader("Expires", -1);
I think you're missing the quotes at the right place.
This might be too late when the HTTP response is already committed at that point. An HTTP response will be committed when an X amount of characters have already been written to it, which will in your case be the HTML <head>. You need to put those lines at the very top of the JSP file, not in the <body> of the HTML representation.
On an unrelated note, you're making a huge design mistake by copypasting the same lines of code over multiple files. This is not DRY. Whenever you need to copypaste code, you should always stop and ask yourself if there isn't a single place to execute the particular code. In your particular case, you should have used a Filter instead. For a concrete example, see also this answer: Prevent user from seeing previously visited secured page after logout. Also, writing Java code in JSPs is a bad practice. Check How to avoid Java code in JSP files?
Also, your logout method is strange. Don't store the username in some custom cookie. You're basically reinventing the session. Just store the logged-in user as a session attribute instead and invalidate the entire session and send a redirect.
For background information on the working of sessions, read this: How do servlets work? Instantiation, sessions, shared variables and multithreading
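The Filter approach recommended in the answer above, as an added example that is not part of the original answer: the headers are set in one place before any JSP output is written, and a missing or invalidated session is redirected to the login page. The URL pattern /secured/*, the session attribute name "user", the /login.jsp path and the LogoutHelper class are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example: runs before any secured JSP writes output, so the headers
// are set while the response is still uncommitted.
@WebFilter("/secured/*") // assumed URL pattern for pages that require login
public class NoCacheAuthFilter implements Filter {

    @Override
    public void init(FilterConfig config) {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Same three headers as in the question, set once for every secured page.
        response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0
        response.setDateHeader("Expires", 0); // proxies

        // getSession(false) never creates a session; after invalidate() it returns null.
        HttpSession session = request.getSession(false);
        boolean loggedIn = session != null && session.getAttribute("user") != null; // "user" is assumed

        if (!loggedIn) {
            // A back-button request after logout is not served from cache and ends up here.
            response.sendRedirect(request.getContextPath() + "/login.jsp"); // assumed login page
            return;
        }
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() {}
}

// Logout as the answer describes it: invalidate the whole session, then redirect.
class LogoutHelper { // hypothetical helper, call it from the logout action
    static void logout(HttpServletRequest request, HttpServletResponse response) throws IOException {
        HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        response.sendRedirect(request.getContextPath() + "/login.jsp"); // assumed login page
    }
}
```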
If you are using the back button from the browser, there is nothing you can do. The page will always come from the cache.
Just make sure you invalidate the session when the user clicks logout. That way when the user hits 'back' and tries to use the page he will be redirected to the login page (If your site is programmed correctly).
[EDIT]
Here is the header we put to have no cache for HTTP 1.1:
Create a session attribute, let's say "valid", and initialize it with any value other than null in the JSP, just after the login credentials were matched. Now create a verify.jsp with the following code:
Now simply include this JSP file on each JSP page and it's done. Do not forget to write "session.invalidate();" in logout.jsp.
Hope it will work..!!!