We help IT Professionals succeed at work.

User logged in as user A, but shown as user B

rospcc
rospcc asked
on
Medium Priority
271 Views
Last Modified: 2013-11-24
Hi,

I have a JSP application running on Tomcat server 4.1.31.
We have issue with the application as stated below:
First user logged in as user “A”. After he logged out, user “B” logged in, however system will show that the user is logged in as the previous user “A”.

It works perfectly in some network; however it doesn’t work as it should be in other network. It has this problem only in certain network or ISP configuration.
We noticed those computers in the network that has problem with “tracert” command has issue in our JSP application.

Please see the following link for detailed explanation, screen shot of the "tracert" and the sample JSP codes
http://s18.yousendit.com/d.aspx?id=1JKZQ21Y0B6N40TFYOOA46Q1UF

Please advise, Thanks.
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2004
Commented:
Sounds like a caching issue

put this in your JSP:

<%
        // Set to expire far in the past.
        response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
        // Set standard HTTP/1.1 no-cache headers.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        // Set IE extended HTTP/1.1 no-cache headers (use addHeader).
        response.addHeader("Cache-Control", "post-check=0, pre-check=0");
        // Set standard HTTP/1.0 no-cache header.
        response.setHeader("Pragma", "no-cache");
%>

or, implement a filter to do the same thing to each request...

Tim

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT
Top Expert 2004

Commented:
I assume the machine that User A and User B are using is using some sort of web-proxy which is caching the results of the page the first time it is accessed, and returning that cache the second time...

Tim

Author

Commented:
Thanks for the reply Tim.

I thought it has to do with the company's caching configuration too.

Will try the codes that you've proposed.
Will the codes be able to omit the whatever web-proxy settings that the company set?
Mayank SPrincipal Technologist
CERTIFIED EXPERT

Commented:
>> Will the codes be able to omit the whatever web-proxy settings that the company set?

Yes. It will show 'Warning: Page has expired' if the user clicks on back/ forward, and will force the browser to request for a newer version of the page if an already-visited URL is being visited again.
CERTIFIED EXPERT
Top Expert 2004

Commented:
>> Yes. It will show 'Warning: Page has expired' if the user clicks on back/ forward

I thought it *should* just request a new copy of the page...  no "Page has expired" message...
Mayank SPrincipal Technologist
CERTIFIED EXPERT

Commented:
On back and forward, perhaps yes. Or maybe you need a "-1" instead of a "0" for that. Will check.

Author

Commented:
I've just made some testing to the application. Actually, it causes the issue even at HTML level without involving JSP or JavaBean.
My test was as follows:
1. I created one test.html with text "test page"
2. I go to the client computer and view the page, and view the correct text "test page"
3. I go to the server and change to "test page NEW"
4. I go back to the client computer and refresh the page, I still see the old "test page"
    - I've cleared all the cache from client's computer (Internet Option)
    - I've cleared all the Tomcat's cache (Work folder) from the server computer
    - I've tried to F5 refreshed umpteen times
5. The funny thing is that, it shows the correct page "test page NEW" after sometime (30 min). Is it only been shown after the client's network released the cache?

Is the client's network caching any HTML pages? How do we clear the client's network cache?
For the .JSP page, I did try to do System.out.println. It reflected the changes in the Tomcat status screen. However the textbox value doesn't change.

What could be the cause of this weird issue?
CERTIFIED EXPERT
Top Expert 2004

Commented:
>> How do we clear the client's network cache?

http:Q_21791973.html#16311245

put this in your JSP:

<%
        // Set to expire far in the past.
        response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
        // Set standard HTTP/1.1 no-cache headers.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        // Set IE extended HTTP/1.1 no-cache headers (use addHeader).
        response.addHeader("Cache-Control", "post-check=0, pre-check=0");
        // Set standard HTTP/1.0 no-cache header.
        response.setHeader("Pragma", "no-cache");
%>

Author

Commented:
I've tried the codes that you've proposed, however it doesn't work for my case.
Now the issue exist even though it doesn't involve the JSP page.  
CERTIFIED EXPERT
Top Expert 2004

Commented:
>> Now the issue exist even though it doesn't involve the JSP page.  

You mean it's caching html pages?

Yeah, that's what caching proxies do.  As html tends to be static, they cache the pages to save on bandwidth costs to the company (as they do not have to send the request out to the website, and retrieve the page every time someone looks at it)

Typically, they will cache a page for no more than 24 hours before getting a (possibly new) copy again from the actual webserver.

Sometimes the proxy will check the last modified date on a page before fetching it, but not always

Did that code fix it for the JSPs?

Tim
Mayank SPrincipal Technologist
CERTIFIED EXPERT

Commented:
Try this simple bit of code in the JSP:

response.setHeader ( "Pragma", "no-cache" ) ;
response.setDateHeader ( "Expires", 0 ) ;
response.setHeader ( "Cache-Control", "no-cache" ) ;

Author

Commented:
I've tried it again and it works perfectly now with the codes advised by TimYates below:
<%
        // Set to expire far in the past.
        response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
        // Set standard HTTP/1.1 no-cache headers.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        // Set IE extended HTTP/1.1 no-cache headers (use addHeader).
        response.addHeader("Cache-Control", "post-check=0, pre-check=0");
        // Set standard HTTP/1.0 no-cache header.
        response.setHeader("Pragma", "no-cache");
%>

I created 3 simple pages: login.jsp, welcome.jsp and logout.jsp.
I implemented the "clear cache" codes above, on login.jsp and logout.jsp, it works like a charm.

TimYates, Is it necessary for me to implement in all pages?
Referring to the case above, do I need to implement into all the 3 pages?

Thanks Everybody.
Mayank SPrincipal Technologist
CERTIFIED EXPERT

Commented:
I usually do it in an abstract base servlet (which all other servlets extend).
CERTIFIED EXPERT
Top Expert 2004

Commented:
I usually do it in a listener, so all ".jsp" or ".do" requests have it in the header...

Tim

Author

Commented:
Pardon my ignorance.
Just want to confirm whether is listener a Java class?
Do you mind showing me how do you put the commands in the listener?

Thanks
CERTIFIED EXPERT
Top Expert 2004

Commented:
Add the .class compiled from this to WEB-INF/classes/myapp

package myapp ;


import javax.servlet.* ;
import javax.servlet.http.* ;

public class LoggedInFilter implements Filter
{
  public void doFilter( final ServletRequest request, final ServletResponse response, FilterChain chain ) throws ServletException
  {
    HttpServletRequest req = (HttpServletRequest)request ;
    HttpServletResponse res = (HttpServletResponse)response ;

    res.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
    res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
    res.addHeader("Cache-Control", "post-check=0, pre-check=0");
    res.setHeader("Pragma", "no-cache");
    chain.doFilter( request, response ) ;
  }
}

Then add this to web.xml:

  <filter>
    <filter-name>requestfilter</filter-name>
    <filter-class>myapp.RequestFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>requestfilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>

That should add the cche busting code to every jsp request...

Tim
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.