rospcc
asked on
User logged in as user A, but shown as user B
Hi,
I have a JSP application running on Tomcat server 4.1.31.
We have issue with the application as stated below:
First user logged in as user “A”. After he logged out, user “B” logged in, however system will show that the user is logged in as the previous user “A”.
It works perfectly in some network; however it doesn’t work as it should be in other network. It has this problem only in certain network or ISP configuration.
We noticed those computers in the network that has problem with “tracert” command has issue in our JSP application.
Please see the following link for detailed explanation, screen shot of the "tracert" and the sample JSP codes
http://s18.yousendit.com/d.aspx?id=1JKZQ21Y0B6N40TFYOOA46Q1UF
Please advise, Thanks.
I have a JSP application running on Tomcat server 4.1.31.
We have issue with the application as stated below:
First user logged in as user “A”. After he logged out, user “B” logged in, however system will show that the user is logged in as the previous user “A”.
It works perfectly in some network; however it doesn’t work as it should be in other network. It has this problem only in certain network or ISP configuration.
We noticed those computers in the network that has problem with “tracert” command has issue in our JSP application.
Please see the following link for detailed explanation, screen shot of the "tracert" and the sample JSP codes
http://s18.yousendit.com/d.aspx?id=1JKZQ21Y0B6N40TFYOOA46Q1UF
Please advise, Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the reply Tim.
I thought it has to do with the company's caching configuration too.
Will try the codes that you've proposed.
Will the codes be able to omit the whatever web-proxy settings that the company set?
I thought it has to do with the company's caching configuration too.
Will try the codes that you've proposed.
Will the codes be able to omit the whatever web-proxy settings that the company set?
>> Will the codes be able to omit the whatever web-proxy settings that the company set?
Yes. It will show 'Warning: Page has expired' if the user clicks on back/ forward, and will force the browser to request for a newer version of the page if an already-visited URL is being visited again.
Yes. It will show 'Warning: Page has expired' if the user clicks on back/ forward, and will force the browser to request for a newer version of the page if an already-visited URL is being visited again.
>> Yes. It will show 'Warning: Page has expired' if the user clicks on back/ forward
I thought it *should* just request a new copy of the page... no "Page has expired" message...
I thought it *should* just request a new copy of the page... no "Page has expired" message...
On back and forward, perhaps yes. Or maybe you need a "-1" instead of a "0" for that. Will check.
ASKER
I've just made some testing to the application. Actually, it causes the issue even at HTML level without involving JSP or JavaBean.
My test was as follows:
1. I created one test.html with text "test page"
2. I go to the client computer and view the page, and view the correct text "test page"
3. I go to the server and change to "test page NEW"
4. I go back to the client computer and refresh the page, I still see the old "test page"
- I've cleared all the cache from client's computer (Internet Option)
- I've cleared all the Tomcat's cache (Work folder) from the server computer
- I've tried to F5 refreshed umpteen times
5. The funny thing is that, it shows the correct page "test page NEW" after sometime (30 min). Is it only been shown after the client's network released the cache?
Is the client's network caching any HTML pages? How do we clear the client's network cache?
For the .JSP page, I did try to do System.out.println. It reflected the changes in the Tomcat status screen. However the textbox value doesn't change.
What could be the cause of this weird issue?
My test was as follows:
1. I created one test.html with text "test page"
2. I go to the client computer and view the page, and view the correct text "test page"
3. I go to the server and change to "test page NEW"
4. I go back to the client computer and refresh the page, I still see the old "test page"
- I've cleared all the cache from client's computer (Internet Option)
- I've cleared all the Tomcat's cache (Work folder) from the server computer
- I've tried to F5 refreshed umpteen times
5. The funny thing is that, it shows the correct page "test page NEW" after sometime (30 min). Is it only been shown after the client's network released the cache?
Is the client's network caching any HTML pages? How do we clear the client's network cache?
For the .JSP page, I did try to do System.out.println. It reflected the changes in the Tomcat status screen. However the textbox value doesn't change.
What could be the cause of this weird issue?
>> How do we clear the client's network cache?
http:Q_21791973.html#16311245
put this in your JSP:
<%
// Set to expire far in the past.
response.setHeader("Expire s", "Sat, 6 May 1995 12:00:00 GMT");
// Set standard HTTP/1.1 no-cache headers.
response.setHeader("Cache- Control", "no-store, no-cache, must-revalidate");
// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
response.addHeader("Cache- Control", "post-check=0, pre-check=0");
// Set standard HTTP/1.0 no-cache header.
response.setHeader("Pragma ", "no-cache");
%>
http:Q_21791973.html#16311245
put this in your JSP:
<%
// Set to expire far in the past.
response.setHeader("Expire
// Set standard HTTP/1.1 no-cache headers.
response.setHeader("Cache-
// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
response.addHeader("Cache-
// Set standard HTTP/1.0 no-cache header.
response.setHeader("Pragma
%>
ASKER
I've tried the codes that you've proposed, however it doesn't work for my case.
Now the issue exist even though it doesn't involve the JSP page.
Now the issue exist even though it doesn't involve the JSP page.
>> Now the issue exist even though it doesn't involve the JSP page.
You mean it's caching html pages?
Yeah, that's what caching proxies do. As html tends to be static, they cache the pages to save on bandwidth costs to the company (as they do not have to send the request out to the website, and retrieve the page every time someone looks at it)
Typically, they will cache a page for no more than 24 hours before getting a (possibly new) copy again from the actual webserver.
Sometimes the proxy will check the last modified date on a page before fetching it, but not always
Did that code fix it for the JSPs?
Tim
You mean it's caching html pages?
Yeah, that's what caching proxies do. As html tends to be static, they cache the pages to save on bandwidth costs to the company (as they do not have to send the request out to the website, and retrieve the page every time someone looks at it)
Typically, they will cache a page for no more than 24 hours before getting a (possibly new) copy again from the actual webserver.
Sometimes the proxy will check the last modified date on a page before fetching it, but not always
Did that code fix it for the JSPs?
Tim
Try this simple bit of code in the JSP:
response.setHeader ( "Pragma", "no-cache" ) ;
response.setDateHeader ( "Expires", 0 ) ;
response.setHeader ( "Cache-Control", "no-cache" ) ;
response.setHeader ( "Pragma", "no-cache" ) ;
response.setDateHeader ( "Expires", 0 ) ;
response.setHeader ( "Cache-Control", "no-cache" ) ;
ASKER
I've tried it again and it works perfectly now with the codes advised by TimYates below:
<%
// Set to expire far in the past.
response.setHeader("Expire s", "Sat, 6 May 1995 12:00:00 GMT");
// Set standard HTTP/1.1 no-cache headers.
response.setHeader("Cache- Control", "no-store, no-cache, must-revalidate");
// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
response.addHeader("Cache- Control", "post-check=0, pre-check=0");
// Set standard HTTP/1.0 no-cache header.
response.setHeader("Pragma ", "no-cache");
%>
I created 3 simple pages: login.jsp, welcome.jsp and logout.jsp.
I implemented the "clear cache" codes above, on login.jsp and logout.jsp, it works like a charm.
TimYates, Is it necessary for me to implement in all pages?
Referring to the case above, do I need to implement into all the 3 pages?
Thanks Everybody.
<%
// Set to expire far in the past.
response.setHeader("Expire
// Set standard HTTP/1.1 no-cache headers.
response.setHeader("Cache-
// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
response.addHeader("Cache-
// Set standard HTTP/1.0 no-cache header.
response.setHeader("Pragma
%>
I created 3 simple pages: login.jsp, welcome.jsp and logout.jsp.
I implemented the "clear cache" codes above, on login.jsp and logout.jsp, it works like a charm.
TimYates, Is it necessary for me to implement in all pages?
Referring to the case above, do I need to implement into all the 3 pages?
Thanks Everybody.
I usually do it in an abstract base servlet (which all other servlets extend).
I usually do it in a listener, so all ".jsp" or ".do" requests have it in the header...
Tim
Tim
ASKER
Pardon my ignorance.
Just want to confirm whether is listener a Java class?
Do you mind showing me how do you put the commands in the listener?
Thanks
Just want to confirm whether is listener a Java class?
Do you mind showing me how do you put the commands in the listener?
Thanks
Add the .class compiled from this to WEB-INF/classes/myapp
package myapp ;
import javax.servlet.* ;
import javax.servlet.http.* ;
public class LoggedInFilter implements Filter
{
public void doFilter( final ServletRequest request, final ServletResponse response, FilterChain chain ) throws ServletException
{
HttpServletRequest req = (HttpServletRequest)reques t ;
HttpServletResponse res = (HttpServletResponse)respo nse ;
res.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
res.setHeader("Cache-Contr ol", "no-store, no-cache, must-revalidate");
res.addHeader("Cache-Contr ol", "post-check=0, pre-check=0");
res.setHeader("Pragma", "no-cache");
chain.doFilter( request, response ) ;
}
}
Then add this to web.xml:
<filter>
<filter-name>requestfilter </filter-n ame>
<filter-class>myapp.Reques tFilter</f ilter-clas s>
</filter>
<filter-mapping>
<filter-name>requestfilter </filter-n ame>
<url-pattern>*.jsp</url-pa ttern>
</filter-mapping>
That should add the cche busting code to every jsp request...
Tim
package myapp ;
import javax.servlet.* ;
import javax.servlet.http.* ;
public class LoggedInFilter implements Filter
{
public void doFilter( final ServletRequest request, final ServletResponse response, FilterChain chain ) throws ServletException
{
HttpServletRequest req = (HttpServletRequest)reques
HttpServletResponse res = (HttpServletResponse)respo
res.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
res.setHeader("Cache-Contr
res.addHeader("Cache-Contr
res.setHeader("Pragma", "no-cache");
chain.doFilter( request, response ) ;
}
}
Then add this to web.xml:
<filter>
<filter-name>requestfilter
<filter-class>myapp.Reques
</filter>
<filter-mapping>
<filter-name>requestfilter
<url-pattern>*.jsp</url-pa
</filter-mapping>
That should add the cche busting code to every jsp request...
Tim
Tim