Replacing soon- to-expire SSL Certificate

[Waylim Lee]

Hi all,
My SSL certificate is about to expire in several days.
I'm unsure how to go about replacing it once I get a new one from
Thawte.
Can I just import the new certificate into my existing alias/keystore or
do I have to delete the existing alias first?
If I delete an alias, does this function also get rid of the chain
certificate and the public key.
Thank you in advance.

Waylim Lee
Systems Analyst/DBA, Computer Resources
BC Institute of Technology
Ph:   604-432-8454
Fax: 604-439-6785
Email:  [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Moving from http to https doesnt expire session

[Fabian Pena]

Thank Bob.
Yes, I think an invalidate and then a request.getSession(true) doesn't work.
Do you know if there are some other options, or a tomcat setting to do this?
The only solution that i found at this moment, was set a diferent domain 
name for http and https.

As you see, me english is not good.
greetings
Fabian
Bob Feretich wrote:
If you start a session under http, Tomcat will maintain the session into 
https. This is the desired behavior for most users. Most e-commerce 
sites use "shopping cart" models and don't switch to https until you 
want to check out. If the session was changed on the transition, you 
would lose the shopping cart contents just as it was time to pay. Also, 
maintaining the session from http to https does not create a security 
hazard.

Tomcat does not permit a session to be maintained across a https to http 
transition for security reasons.

To force a session to expire when moving from http to https...
For https pages, at the top of your servlet/jsp, where request is the 
HttpServletRequest object. Insert...
   if (!request.isSecure() ) // not needed if page is a secure resource
   {code to redirect back to the same page under https}
   // get the browser's cookies
   Cookie[] cookies = request.getCookies();
   if (cookies==null)
   {code to tell user to enable cookies}
   // check session
   HttpSession session = request.getSession(false);
   if (session!=null) {
  // Find the JSESSIONID cookie
  for (int i=0; i
 if ("JSESSIONID".equals(cookies[i].getName() ) ) {
if (!cookies[i].getsecure() ) {
   // invalidate non-secure session
   session().invalidate();
   // see below Note 1.
   break;
} // if cookie[]
 } // if found cookie
  } // for i
   } // if session
   session = request.getSession(true);

Note 1. At this spot in my servlet, I have code to redirect back to the 
sevlet under https. It shouldn't be required, but I may have suspected 
that session.invalidate() immediately followed by a 
request.getSession(true) didn't work.

Hope this helps.
Bob Feretich
Subject: Moving from http to https doesnt expire session
From:Fabian Pena <[EMAIL PROTECTED]>
Date:Mon, 02 May 2005 09:54:29 -0300
To:tomcat-user@jakarta.apache.org
hi all
I have a simple question, at least I think that.
I am developing an applicatin that contains confidential information,
and I'm having a simple problem.
when a user move from http to https de session doesnt expire, the
jsessionid is the same.
I want generate a new session and of course change de jsessionid in the
first https request.
Any one can help me.
Thanks in advance
Fabian 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Moving from http to https doesnt expire session

[Bob Feretich]

If you start a session under http, Tomcat will maintain the session into 
https. This is the desired behavior for most users. Most e-commerce 
sites use "shopping cart" models and don't switch to https until you 
want to check out. If the session was changed on the transition, you 
would lose the shopping cart contents just as it was time to pay. Also, 
maintaining the session from http to https does not create a security 
hazard.

Tomcat does not permit a session to be maintained across a https to http 
transition for security reasons.

To force a session to expire when moving from http to https...
For https pages, at the top of your servlet/jsp, where request is the 
HttpServletRequest object. Insert...
   if (!request.isSecure() ) // not needed if page is a secure resource
   {code to redirect back to the same page under https}
   // get the browser's cookies
   Cookie[] cookies = request.getCookies();
   if (cookies==null)
   {code to tell user to enable cookies}
   // check session
   HttpSession session = request.getSession(false);
   if (session!=null) {
  // Find the JSESSIONID cookie
  for (int i=0; i
 if ("JSESSIONID".equals(cookies[i].getName() ) ) {
if (!cookies[i].getsecure() ) {
   // invalidate non-secure session
   session().invalidate();
   // see below Note 1.
   break;
} // if cookie[]
 } // if found cookie
  } // for i
   } // if session
   session = request.getSession(true);

Note 1. At this spot in my servlet, I have code to redirect back to the 
sevlet under https. It shouldn't be required, but I may have suspected 
that session.invalidate() immediately followed by a 
request.getSession(true) didn't work.

Hope this helps.
Bob Feretich
Subject: Moving from http to https doesnt expire session
From:Fabian Pena <[EMAIL PROTECTED]>
Date:Mon, 02 May 2005 09:54:29 -0300
To:tomcat-user@jakarta.apache.org
hi all
I have a simple question, at least I think that.
I am developing an applicatin that contains confidential information,
and I'm having a simple problem.
when a user move from http to https de session doesnt expire, the
jsessionid is the same.
I want generate a new session and of course change de jsessionid in the
first https request.
Any one can help me.
Thanks in advance
Fabian 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Moving from http to https doesnt expire session

[Fabian Pena]

hi all
I have a simple question, at least I think that.
I am developing an applicatin that contains confidential information,
and I'm having a simple problem.
when a user move from http to https de session doesnt expire, the
jsessionid is the same.
I want generate a new session and of course change de jsessionid in the
first https request.
Any one can help me.
Thanks in advance
Fabian
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Frequent session expire in Tomcat 4.1.27

[Shapira, Yoav]

Hi,
Check the Servlet Specification section on the Deployment Descriptor
(web.xml) contents -- I think it's chapter 12 or 13.  You'll see the
 tag which specifies the timeout in minutes for
inactive sessions.  It's 30 minutues by default but you can have it as
long as you want.

Yoav Shapira
Millennium Research Informatics


>-Original Message-
>From: Arun Prasad R [mailto:[EMAIL PROTECTED]
>Sent: Thursday, September 09, 2004 1:15 AM
>To: Tomcat Users List
>Subject: Re: Frequent session expire in Tomcat 4.1.27
>
>hi
>
>let me some sample in this regard. im new to tomcat
>pls help me
>
>arun
>
>
>On Wed, 8 Sep 2004 23:00:47 -0500, Filip Hanik (lists)
><[EMAIL PROTECTED]> wrote:
>> you do that in your own web.xml file
>> see a tutorial on web.xml /servlets
>>
>> -Original Message-
>> From: Arun Prasad R [mailto:[EMAIL PROTECTED]
>> Sent: Wednesday, September 08, 2004 10:59 PM
>> To: Tomcat Users List
>> Subject: Frequent session expire in Tomcat 4.1.27
>>
>> hi
>>
>> i experience frequent session expire in Tomcat 4.1.27. is there any
>> way to extend the expiry time in server configuration.
>>
>> Thanks in Advance,
>> Arun
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>> ---
>> Incoming mail is certified Virus Free.
>> Checked by AVG anti-virus system (http://www.grisoft.com).
>> Version: 6.0.752 / Virus Database: 503 - Release Date: 9/3/2004
>>
>> ---
>> Outgoing mail is certified Virus Free.
>> Checked by AVG anti-virus system (http://www.grisoft.com).
>> Version: 6.0.752 / Virus Database: 503 - Release Date: 9/3/2004
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>-
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]




This e-mail, including any attachments, is a confidential business communication, and 
may contain information that is confidential, proprietary and/or privileged.  This 
e-mail is intended only for the individual(s) to whom it is addressed, and may not be 
saved, copied, printed, disclosed or used by anyone else.  If you are not the(an) 
intended recipient, please immediately delete this e-mail from your computer system 
and notify the sender.  Thank you.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Frequent session expire in Tomcat 4.1.27

[Arun Prasad R]

hi

let me some sample in this regard. im new to tomcat
pls help me

arun


On Wed, 8 Sep 2004 23:00:47 -0500, Filip Hanik (lists)
<[EMAIL PROTECTED]> wrote:
> you do that in your own web.xml file
> see a tutorial on web.xml /servlets
> 
> -Original Message-
> From: Arun Prasad R [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 08, 2004 10:59 PM
> To: Tomcat Users List
> Subject: Frequent session expire in Tomcat 4.1.27
> 
> hi
> 
> i experience frequent session expire in Tomcat 4.1.27. is there any
> way to extend the expiry time in server configuration.
> 
> Thanks in Advance,
> Arun
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.752 / Virus Database: 503 - Release Date: 9/3/2004
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.752 / Virus Database: 503 - Release Date: 9/3/2004
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Frequent session expire in Tomcat 4.1.27

[Filip Hanik \(lists\)]

you do that in your own web.xml file
see a tutorial on web.xml /servlets

-Original Message-
From: Arun Prasad R [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 08, 2004 10:59 PM
To: Tomcat Users List
Subject: Frequent session expire in Tomcat 4.1.27


hi

i experience frequent session expire in Tomcat 4.1.27. is there any
way to extend the expiry time in server configuration.

Thanks in Advance,
Arun

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.752 / Virus Database: 503 - Release Date: 9/3/2004

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.752 / Virus Database: 503 - Release Date: 9/3/2004


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Frequent session expire in Tomcat 4.1.27

[Arun Prasad R]

hi

i experience frequent session expire in Tomcat 4.1.27. is there any
way to extend the expiry time in server configuration.

Thanks in Advance,
Arun

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

POSTed pages expire in IE?

[Jason McCormick]

  I'm working on an upgrade from Tomcat 3 to Tomcat 4.1.12 and I've run into a 
curious problem.  The scenraio is a user enters data into a form and the 
server returns a results page.  On that results page, a list of matches is 
presented and the user can click on one to view details.  With the 
application running on Tomcat 3.2 the user could click the back button and 
the previous page with the hits would be viewable in the cache on the 
browser.  With 4.1.12, the user can no longer hit the back button.  When back 
is pressed, IE displays a page that says that the page content has expered 
that that it won't automatically repost the request for security reason.  
Rolling back to 3.2 fixed this error.  The fact that it works in 3.2 makes it 
sound as if this is a configuration issue with Tomcat 4.1.12.  Can someone 
point me in the right direction?

Thanks!

-- 
Jason McCormick
Network/Systems Administrator
Lexi-Comp, Inc.
Phone: 330-650-6506 x239
Fax: 330-656-4307
Email: [EMAIL PROTECTED]

Public Key: http://bamboo.lexi.com/~jmccormick/public-keys.php


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Can Tomcat 4.03 expire web pages

[Steve Russell]

Hi;

My boss wants to "expire" our jsp pages.

In other words, if a user hits backspace, instead of getting the jsp 
page s/he just left s/he would see a notice that the page expired.

I've seen snippets of code to do this on google, but I haven't been able 
to get them to work.

Can Tomcat 4.03 "expire" web pages or do I need a webserver with Tomcat 
to do this?

Also if someone could show me an example of how do this, with the 
example of being a whole html/jsp page I would appreciate it.

Thanks in advance

Steve


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Can Tomcat 4.03 expire web pages

[peter lin]

set your pages to no-cache, which forces the browser to always get it
from the server. Is that what you're looking for?

peter


Steve Russell wrote:
> 
> Hi;
> 
> My boss wants to "expire" our jsp pages.
> 
> In other words, if a user hits backspace, instead of getting the jsp
> page s/he just left s/he would see a notice that the page expired.
> 
> I've seen snippets of code to do this on google, but I haven't been able
> to get them to work.
> 
> Can Tomcat 4.03 "expire" web pages or do I need a webserver with Tomcat
> to do this?
> 
> Also if someone could show me an example of how do this, with the
> example of being a whole html/jsp page I would appreciate it.
> 
> Thanks in advance
> 
> Steve
> 
> --
> To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

expire page after form submission

[lloyd]

I'm having some trouble with users pressing the browser back button
after submitting a form, entering more data and attempting to resubmit.

Is it possible to expire the form page immediately after it's submitted?

I tried adding:






...to no avail.


I'm running Tomcat 4 on Linux, and I've tested with IE and Mozilla with
same results.  The page is generated with a Velocity servlet.


Thanks





--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

Re: How to expire?

[Luc Vanlerberghe]

raj wrote:

>> The user-experience stays the same: When the user access any url in 
>> the protected area, the login page will pop up and after he provides 
>> correct information he will be directed to the page he requested.
>> For Tomcat 3, just make sure the login page is outside the protected 
>> area, for tomcat 4 it does not matter.
>>
>> Luc Vanlerberghe
>>
>
> Hi Luc,
>
> I tried form based login by just disabling  BASIC and adding FORM (as 
> below) to my web.xml file:
>  
>
>   ClaroLogic
>   FORM
>   
>  /LoginForm.html
>  /LoginError.html
>   
>   
>
> But I end up getting a 404 error always (with the browser URL reading: 
> http://192.168.0.20/testservlet/j_security_check)
>
> I tried putting LoginForm.html and LoginError.html at the webapps 
> level (and chaged the web.xml) as below:
>
>   
>  /../LoginForm.html
>  /../LoginError.html
>   
>
> But now I get the 404 error with the URL reading 
> (http://192.168.0.20/j_security_check).
>
>
> Aaaahhh!
>
> Tomcat version is 3.2.3. Any ideas/suggestions would be gratefully 
> gobbled. I cannot use 4.0 because
> Cloudscape (the D/base) does not work with 4.0.
>
> Aaaahhh! (again)
>
> Cheers
> -raj
>
The login page should be in your webapp, but outside the protected area. 
 If you are using an apache/tomcat combination, make sure apache sends 
the "j_security_check" to tomcat and not only *.jsp

Luc

Re: How to expire?

[twrichter]

Hi,

it seems that you have a similar problem than mine (not with basic auth but with 
JDBCRealm, see thread below). The cookie in Mozilla and Netscape is still there. I 
have to close the browser window or to delete the cookie manually. Stange enough the 
routine works with IE 5. Could it be a browser problem?

Regards
Thomas

>:-) As sceptical as one can be! (-:<



--
Personalise your email address at http://another.com
THINK: your slogan or email address on a gorgeous mousemat
CLICK HERE http://another-shop.com

Re: How to expire?

[raj]

> The user-experience stays the same: When the user access any url in 
> the protected area, the login page will pop up and after he provides 
> correct information he will be directed to the page he requested.
> For Tomcat 3, just make sure the login page is outside the protected 
> area, for tomcat 4 it does not matter.
>
> Luc Vanlerberghe
>

Hi Luc,

I tried form based login by just disabling  BASIC and adding FORM (as 
below) to my web.xml file:
  
  
   
   ClaroLogic
   FORM
   
  /LoginForm.html
  /LoginError.html
   
   

But I end up getting a 404 error always (with the browser URL reading: 
http://192.168.0.20/testservlet/j_security_check)

I tried putting LoginForm.html and LoginError.html at the webapps level 
(and chaged the web.xml) as below:

   
  /../LoginForm.html
  /../LoginError.html
   

But now I get the 404 error with the URL reading 
(http://192.168.0.20/j_security_check).


Aaaahhh!

Tomcat version is 3.2.3. Any ideas/suggestions would be gratefully 
gobbled. I cannot use 4.0 because
Cloudscape (the D/base) does not work with 4.0.

Aaaahhh! (again)

Cheers
-raj

Re: How to expire?

[Luc Vanlerberghe]

raj wrote:

> I have set the session expiry time in my Test
> servlet to 10 secs (BASIC auth., using JDBC realm).
>
> But when I type in the URL in the browser
> (IE5/6, Mozilla, Netscape 4.x etc), the login window
> does not reappear but request goes straight to the
> servlet in question.
>
> I even tried to invalidate the session cookie using a "logout" link
> in the tes servlet, but to no avail.
>
> Only if the browser is destroyed does the login window reappear.
>
> Any idea to force a login after a certain interval of time?
>
> Cheers
> -raj

If you are using BASIC authentication, then your browser will send your 
credentials with every request.  There's no way to 'log off' short of 
closing the browser.

If in the mean time the session has died at the server end, the server 
will see a new request with correct credentials and create a new session 
(Test this by putting a session.getId() in your jsp or servlet 
somewhere) .  Since the browser already gave the credentials, no login 
screen will be shown.

Try the same using FORM-based authentication.  In that case the 
session-id is either stored in a cookie or encoded in the url.  If the 
session dies at the server, a request will have an invalid session-id 
and the user will be prompted for his username/password again.
It is possible to switch to FORM-based login without changing anything 
in your web-app.  Simply create a page with the correct  and 
 elements and modify your web.xml
The user-experience stays the same: When the user access any url in the 
protected area, the login page will pop up and after he provides correct 
information he will be directed to the page he requested.
For Tomcat 3, just make sure the login page is outside the protected 
area, for tomcat 4 it does not matter.

Luc Vanlerberghe

Re: How to expire?

[raj]

Yep, I am doing that currently to set expiry time
and obviously it does not work.

Cheers
-raj

>try this one :
>
>session.setMaxInactiveInterval();
>
>regards,
>Chintan
>
>-Original Message-
>From: raj [mailto:[EMAIL PROTECTED]]
>Sent: Monday, October 22, 2001 6:20 PM
>To: [EMAIL PROTECTED]
>Subject: How to expire?
>
>
>I have set the session expiry time in my Test
>servlet to 10 secs (BASIC auth., using JDBC realm).
>
>But when I type in the URL in the browser
>(IE5/6, Mozilla, Netscape 4.x etc), the login window
>does not reappear but request goes straight to the
>servlet in question.
>
>I even tried to invalidate the session cookie using a "logout" link
>in the tes servlet, but to no avail.
>
>Only if the browser is destroyed does the login window reappear.
>
>Any idea to force a login after a certain interval of time?
>
>Cheers
>-raj
>

RE: How to expire?

[Shah, Chintan V (Chintan)]

try this one :

session.setMaxInactiveInterval();

regards,
Chintan

-Original Message-
From: raj [mailto:[EMAIL PROTECTED]]
Sent: Monday, October 22, 2001 6:20 PM
To: [EMAIL PROTECTED]
Subject: How to expire?


I have set the session expiry time in my Test
servlet to 10 secs (BASIC auth., using JDBC realm).

But when I type in the URL in the browser
(IE5/6, Mozilla, Netscape 4.x etc), the login window
does not reappear but request goes straight to the
servlet in question.

I even tried to invalidate the session cookie using a "logout" link
in the tes servlet, but to no avail.

Only if the browser is destroyed does the login window reappear.

Any idea to force a login after a certain interval of time?

Cheers
-raj

How to expire?

[raj]

I have set the session expiry time in my Test
servlet to 10 secs (BASIC auth., using JDBC realm).

But when I type in the URL in the browser
(IE5/6, Mozilla, Netscape 4.x etc), the login window
does not reappear but request goes straight to the
servlet in question.

I even tried to invalidate the session cookie using a "logout" link
in the tes servlet, but to no avail.

Only if the browser is destroyed does the login window reappear.

Any idea to force a login after a certain interval of time?

Cheers
-raj

RE: expire

[Randy Layman]

The only way that I have found to do this is to use some JavaScript
to force the page to reload itself when the back button is pressed (use a
combination of onLoad and onUnload event handlers - be careful, if you mess
it up you will create an infinite reload loop).

Randy


> -Original Message-
> From: Alistair Hopkins [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 16, 2001 3:58 AM
> To: [EMAIL PROTECTED]
> Subject: RE: expire
> 
> 
> response.setHeader("Cache-Control","no-cache");
> response.setHeader("Pragma","no-cache");
> response.setHeader("Expires","Tue, 01 Jan 1980 1:00:00
> GMT");
> 
> covers various browsers and os's and the like, but it still 
> seems to get
> cached, particularly in ie 5, for unknown reasons and to an 
> intermittent
> schedule :-(
> 
> -Original Message-
> From: Heijns, P.J.B. [mailto:[EMAIL PROTECTED]]
> Sent: Friday, March 16, 2001 8:54 AM
> To: [EMAIL PROTECTED]
> Subject: expire
> 
> 
> Hi,
> 
> Does anyone know how I can expire a JSP page? I want that if 
> you leave the
> JSP page it immediately expires, so that the users can't use 
> the back button
> in there browser to go to the previous page.
> 
> Thank u,
> 
> Pieter Heijms
> 

AW: expire

[Thomas Bezdicek]

Hi,

as I found somewhere in the No-ledgebase of microsoft i found
a document describing exactly that kind of problem. The problem
is that IE is using a 64 kb internal cache which is not affected
by any pragma's, expires or cache-controls. the solution microsoft
offered (which is no solution in my opinion) is to make two html-
tags.

regards, tom

-Ursprüngliche Nachricht-
Von: Alistair Hopkins [mailto:[EMAIL PROTECTED]]
Gesendet: Freitag, 16. März 2001 11:42
An: [EMAIL PROTECTED]
Betreff: RE: expire


i warned you about ie...

it will prevent it from being reloaded from saved history, however.

i never solved it and i tried very hard.  keep me informed :-)

-Original Message-
From: Heijns, P.J.B. [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 16, 2001 10:00 AM
To: '[EMAIL PROTECTED]'
Subject: RE: expire


I tried, but it doesn't work. If I push the back button in my browser, the
page isn't expired or correctly resfreshed. So I see the same previous page
where I was before. I used IE, in netscape it works correctly.

Grtz Pieter

-Original Message-
From: Alistair Hopkins [mailto:[EMAIL PROTECTED]]
Sent: vrijdag 16 maart 2001 9:58
To: [EMAIL PROTECTED]
Subject: RE: expire


response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
response.setHeader("Expires","Tue, 01 Jan 1980 1:00:00
GMT");

covers various browsers and os's and the like, but it still seems to get
cached, particularly in ie 5, for unknown reasons and to an intermittent
schedule :-(

-Original Message-
From: Heijns, P.J.B. [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 16, 2001 8:54 AM
To: [EMAIL PROTECTED]
Subject: expire


Hi,

Does anyone know how I can expire a JSP page? I want that if you leave the
JSP page it immediately expires, so that the users can't use the back button
in there browser to go to the previous page.

Thank u,

Pieter Heijms

RE: expire

[Alistair Hopkins]

i warned you about ie...

it will prevent it from being reloaded from saved history, however.

i never solved it and i tried very hard.  keep me informed :-)

-Original Message-
From: Heijns, P.J.B. [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 16, 2001 10:00 AM
To: '[EMAIL PROTECTED]'
Subject: RE: expire


I tried, but it doesn't work. If I push the back button in my browser, the
page isn't expired or correctly resfreshed. So I see the same previous page
where I was before. I used IE, in netscape it works correctly.

Grtz Pieter

-Original Message-
From: Alistair Hopkins [mailto:[EMAIL PROTECTED]]
Sent: vrijdag 16 maart 2001 9:58
To: [EMAIL PROTECTED]
Subject: RE: expire


response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
response.setHeader("Expires","Tue, 01 Jan 1980 1:00:00
GMT");

covers various browsers and os's and the like, but it still seems to get
cached, particularly in ie 5, for unknown reasons and to an intermittent
schedule :-(

-Original Message-
From: Heijns, P.J.B. [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 16, 2001 8:54 AM
To: [EMAIL PROTECTED]
Subject: expire


Hi,

Does anyone know how I can expire a JSP page? I want that if you leave the
JSP page it immediately expires, so that the users can't use the back button
in there browser to go to the previous page.

Thank u,

Pieter Heijms

RE: expire

[Heijns, P.J.B.]

I tried, but it doesn't work. If I push the back button in my browser, the
page isn't expired or correctly resfreshed. So I see the same previous page
where I was before. I used IE, in netscape it works correctly.

Grtz Pieter

-Original Message-
From: Alistair Hopkins [mailto:[EMAIL PROTECTED]]
Sent: vrijdag 16 maart 2001 9:58
To: [EMAIL PROTECTED]
Subject: RE: expire


response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
response.setHeader("Expires","Tue, 01 Jan 1980 1:00:00
GMT");

covers various browsers and os's and the like, but it still seems to get
cached, particularly in ie 5, for unknown reasons and to an intermittent
schedule :-(

-Original Message-
From: Heijns, P.J.B. [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 16, 2001 8:54 AM
To: [EMAIL PROTECTED]
Subject: expire


Hi,

Does anyone know how I can expire a JSP page? I want that if you leave the
JSP page it immediately expires, so that the users can't use the back button
in there browser to go to the previous page.

Thank u,

Pieter Heijms

RE: expire

[Alistair Hopkins]

response.setHeader("Cache-Control","no-cache");
response.setHeader("Pragma","no-cache");
response.setHeader("Expires","Tue, 01 Jan 1980 1:00:00
GMT");

covers various browsers and os's and the like, but it still seems to get
cached, particularly in ie 5, for unknown reasons and to an intermittent
schedule :-(

-Original Message-
From: Heijns, P.J.B. [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 16, 2001 8:54 AM
To: [EMAIL PROTECTED]
Subject: expire


Hi,

Does anyone know how I can expire a JSP page? I want that if you leave the
JSP page it immediately expires, so that the users can't use the back button
in there browser to go to the previous page.

Thank u,

Pieter Heijms

expire

[Heijns, P.J.B.]

Hi,

Does anyone know how I can expire a JSP page? I want that if you leave the
JSP page it immediately expires, so that the users can't use the back button
in there browser to go to the previous page.

Thank u,

Pieter Heijms