--- Paul Phillips <[EMAIL PROTECTED]> wrote: > Hello > > I have written a simple servlet-jsp application that uses sessions and form > based authentication using the container security. It is running under > Tomcat 4.03 > > I have implemented a logout page that has, as its last line: > mysession.invalidate(). > > This seems to close this session just fine - I can go to the login page > and login again. > > However, I have noticed that if I am on the logout page, and press the back > button, I get the previous page from the cache. If I try to click on > anything on that previous page, it bumps me out to the login page, > indicating that the session I am trying to use has expired. > > This is good. > > However, I don't even want the back button to allow the user to go back to > a previous page at all. > > I have put this code at the top of the jsp page before the logout page: > > > response.setHeader("Cache-Control","no-store"); > response.setHeader("Pragma","no-cache"); > response.setDateHeader ("Expires", 0); > > This does not prevent the problem. I have tried "no-cache" instead of > "no-store". Still doesn't work. I have tried moving the code to the > servlet that drives this jsp (mvc). Still no luck. > > I have tried this with both Microsoft Explorer 5 and Netscape 6 on a Mac > and I can't get either to work. > > What am I doing wrong? How can I accomplish this? > > Thanks > Paul Phillips >
Hi Paul, AFAICR putting this tag in the head section of the page to not be cached <meta content="no-cache" http-equiv="Pragma"> forced IE 5 to always go to the network for the page, even on the highest caching setting. Combined with this http header: Cache-Control: no-cache I was able to prevent pages being cached, even when the browser was going via a proxy. -Janek __________________________________________________ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>