Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 255
  • Last Modified:

User logged in as user A, but shown as user B

Hi,

I have a JSP application running on Tomcat server 4.1.31.
We have issue with the application as stated below:
First user logged in as user “A”. After he logged out, user “B” logged in, however system will show that the user is logged in as the previous user “A”.

It works perfectly in some network; however it doesn’t work as it should be in other network. It has this problem only in certain network or ISP configuration.
We noticed those computers in the network that has problem with “tracert” command has issue in our JSP application.

Please see the following link for detailed explanation, screen shot of the "tracert" and the sample JSP codes
http://s18.yousendit.com/d.aspx?id=1JKZQ21Y0B6N40TFYOOA46Q1UF

Please advise, Thanks.
0
rospcc
Asked:
rospcc
  • 7
  • 5
  • 4
1 Solution
 
TimYatesCommented:
Sounds like a caching issue

put this in your JSP:

<%
        // Set to expire far in the past.
        response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
        // Set standard HTTP/1.1 no-cache headers.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        // Set IE extended HTTP/1.1 no-cache headers (use addHeader).
        response.addHeader("Cache-Control", "post-check=0, pre-check=0");
        // Set standard HTTP/1.0 no-cache header.
        response.setHeader("Pragma", "no-cache");
%>

or, implement a filter to do the same thing to each request...

Tim
0
 
TimYatesCommented:
I assume the machine that User A and User B are using is using some sort of web-proxy which is caching the results of the page the first time it is accessed, and returning that cache the second time...

Tim
0
 
rospccAuthor Commented:
Thanks for the reply Tim.

I thought it has to do with the company's caching configuration too.

Will try the codes that you've proposed.
Will the codes be able to omit the whatever web-proxy settings that the company set?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
Mayank SAssociate Director - Product EngineeringCommented:
>> Will the codes be able to omit the whatever web-proxy settings that the company set?

Yes. It will show 'Warning: Page has expired' if the user clicks on back/ forward, and will force the browser to request for a newer version of the page if an already-visited URL is being visited again.
0
 
TimYatesCommented:
>> Yes. It will show 'Warning: Page has expired' if the user clicks on back/ forward

I thought it *should* just request a new copy of the page...  no "Page has expired" message...
0
 
Mayank SAssociate Director - Product EngineeringCommented:
On back and forward, perhaps yes. Or maybe you need a "-1" instead of a "0" for that. Will check.
0
 
rospccAuthor Commented:
I've just made some testing to the application. Actually, it causes the issue even at HTML level without involving JSP or JavaBean.
My test was as follows:
1. I created one test.html with text "test page"
2. I go to the client computer and view the page, and view the correct text "test page"
3. I go to the server and change to "test page NEW"
4. I go back to the client computer and refresh the page, I still see the old "test page"
    - I've cleared all the cache from client's computer (Internet Option)
    - I've cleared all the Tomcat's cache (Work folder) from the server computer
    - I've tried to F5 refreshed umpteen times
5. The funny thing is that, it shows the correct page "test page NEW" after sometime (30 min). Is it only been shown after the client's network released the cache?

Is the client's network caching any HTML pages? How do we clear the client's network cache?
For the .JSP page, I did try to do System.out.println. It reflected the changes in the Tomcat status screen. However the textbox value doesn't change.

What could be the cause of this weird issue?
0
 
TimYatesCommented:
>> How do we clear the client's network cache?

http:Q_21791973.html#16311245

put this in your JSP:

<%
        // Set to expire far in the past.
        response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
        // Set standard HTTP/1.1 no-cache headers.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        // Set IE extended HTTP/1.1 no-cache headers (use addHeader).
        response.addHeader("Cache-Control", "post-check=0, pre-check=0");
        // Set standard HTTP/1.0 no-cache header.
        response.setHeader("Pragma", "no-cache");
%>
0
 
rospccAuthor Commented:
I've tried the codes that you've proposed, however it doesn't work for my case.
Now the issue exist even though it doesn't involve the JSP page.  
0
 
TimYatesCommented:
>> Now the issue exist even though it doesn't involve the JSP page.  

You mean it's caching html pages?

Yeah, that's what caching proxies do.  As html tends to be static, they cache the pages to save on bandwidth costs to the company (as they do not have to send the request out to the website, and retrieve the page every time someone looks at it)

Typically, they will cache a page for no more than 24 hours before getting a (possibly new) copy again from the actual webserver.

Sometimes the proxy will check the last modified date on a page before fetching it, but not always

Did that code fix it for the JSPs?

Tim
0
 
Mayank SAssociate Director - Product EngineeringCommented:
Try this simple bit of code in the JSP:

response.setHeader ( "Pragma", "no-cache" ) ;
response.setDateHeader ( "Expires", 0 ) ;
response.setHeader ( "Cache-Control", "no-cache" ) ;
0
 
rospccAuthor Commented:
I've tried it again and it works perfectly now with the codes advised by TimYates below:
<%
        // Set to expire far in the past.
        response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
        // Set standard HTTP/1.1 no-cache headers.
        response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
        // Set IE extended HTTP/1.1 no-cache headers (use addHeader).
        response.addHeader("Cache-Control", "post-check=0, pre-check=0");
        // Set standard HTTP/1.0 no-cache header.
        response.setHeader("Pragma", "no-cache");
%>

I created 3 simple pages: login.jsp, welcome.jsp and logout.jsp.
I implemented the "clear cache" codes above, on login.jsp and logout.jsp, it works like a charm.

TimYates, Is it necessary for me to implement in all pages?
Referring to the case above, do I need to implement into all the 3 pages?

Thanks Everybody.
0
 
Mayank SAssociate Director - Product EngineeringCommented:
I usually do it in an abstract base servlet (which all other servlets extend).
0
 
TimYatesCommented:
I usually do it in a listener, so all ".jsp" or ".do" requests have it in the header...

Tim
0
 
rospccAuthor Commented:
Pardon my ignorance.
Just want to confirm whether is listener a Java class?
Do you mind showing me how do you put the commands in the listener?

Thanks
0
 
TimYatesCommented:
Add the .class compiled from this to WEB-INF/classes/myapp

package myapp ;


import javax.servlet.* ;
import javax.servlet.http.* ;

public class LoggedInFilter implements Filter
{
  public void doFilter( final ServletRequest request, final ServletResponse response, FilterChain chain ) throws ServletException
  {
    HttpServletRequest req = (HttpServletRequest)request ;
    HttpServletResponse res = (HttpServletResponse)response ;

    res.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
    res.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
    res.addHeader("Cache-Control", "post-check=0, pre-check=0");
    res.setHeader("Pragma", "no-cache");
    chain.doFilter( request, response ) ;
  }
}

Then add this to web.xml:

  <filter>
    <filter-name>requestfilter</filter-name>
    <filter-class>myapp.RequestFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>requestfilter</filter-name>
    <url-pattern>*.jsp</url-pattern>
  </filter-mapping>

That should add the cche busting code to every jsp request...

Tim
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 7
  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now