Hello, there. I am developing a Servlet + JSP based Web application. The
user start w/ the Login.html page. The username and password form data is
posted to the "LoginServlet". If login successful, the "LoginServlet" put
the user to a three-frame main page: top (nav bar), left (menu), and body
(home). In all .html and .jsp files, I have the following in the <HEAD> ...
</HEAD> block:
<META HTTP-EQUIV="Expires" CONTENT="0">
<META HTTP-EQUIV="Pragma" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-cache">
<META HTTP-EQUIV="Cache-Control" CONTENT="no-store">
When servlet generate the response, I set similar headers for the response.
these are based on the previous dicussions on "cache" and "security" on the
SERVLET-INTEREST and JSP-INTERST.
When user click on "Logout", I invalidate the session, and put them back to
the "Login.html".
After a typical session like this, I look at the history of the browser
(click on "Go" for Netscape Communicator 4.5 and "History" for MS IE4), and
found that I was able to click the "Back" button to go the LoginServlet URL,
and the display is:
*****
Data Missing
This document resulted from a POST operation and has expired from the cache.
If you wish you can repost the
form data to recreate the document by pressing the reload button.
*****
This seems to suggest that the page is indeed expired. But when I click on
reload, it puts me right back to the User Home, which seems to suggest that
Form Data (which the user entered on Login.html) is still cached by the
browser.
BTW, the "Login.html" is also shown in history (at least for Netscape), but
the user entered data is not there if I select the page or "Back" to the
page. so that's no problem.
I am doing this on server: Win NT 4.0 w/ SP 3, WebSphere Standard 2.0;
client: Netscape Communicator 4.5 and MS IE4.
I hope I have described the problem. Any help is appreciated!
weibo (weber) yuan
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff JSP-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
