Thanks Pawel for such a detailed description. I did all the things as mentioned by you, but still it's not working for me.
Regarding SSL, it's working for me, but still the caching problem is there. I will again dig deep into it, and if you can provide me a small app that will be wonderful; I can use that to compare my functionality so that I can find out where I am doing wrong or what's going wrong in my application.

On 1/26/09, Paweł Wielgus <poulw...@gmail.com> wrote:
>
> Hi Shekher,
> what I did is:
> 1. I added on every page:
>
> <meta http-equiv="Pragma" content="no-cache"/>
> <meta http-equiv="Cache-Control" content="no-cache"/>
> <meta http-equiv="Expires" content="-1"/>
>
> - in <head> section at the beginning of page and after <body> just
> before </html> I added:
>
> <head>
> <meta http-equiv="pragma" content="no-cache"/>
> <meta http-equiv="cache-control" content="no-cache"/>
> <meta http-equiv="expires" content="-1"/>
> </head>
> - so it is doubled!
>
> 2. I added to every response:
>
> response.setHeader("Pragma", "no-cache");
> response.setHeader("Cache-Control", "no-cache");
> response.setHeader("Expires", "-1");
>
> And that's working for me under ssl. As for ssl it has nothing to do
> with struts2, it's controlled by tomcat or any other server You are
> using. I know there is ssl-plugin for s2 but I honestly don't know
> what for, maybe it is targeted for checking if request is under ssl
> and if not redirecting to ssl connection, but it's not turning ssl on
> for sure.
>
> If that won't help I can make a little app and pack it up for You, but
> it can take some time.
>
> Best greetings,
> Paweł Wielgus.
>
> 2009/1/25 shekher awasthi <shekher.awas...@gmail.com>:
> > Hi Paweł,
> >
> > I tried all the way in secure way
> >
> > I implemented SSL and now my tomcat is running on port 8443 using https
> > protocol
> > I have created a custom interceptor for setting the header values
> >
> > when user clicks log off button this custom interceptor is working, setting
> > the header values. Below is the code I am using
> >
> > ActionContext context=invocation.getInvocationContext();
> > HttpServletResponse response=(HttpServletResponse)context.get(StrutsStatics.HTTP_RESPONSE);
> > if(response!=null){
> >     System.out.println("**********setting header**************");
> >     response.setHeader("Cache-Control", "must-revalidate");
> >     response.setHeader("Cache-Control", "max-age=0");
> >     response.setHeader("Pragma", "no-cache");//HTTP 1.1
> >     response.setDateHeader ("Expires", 0); //prevents caching at the proxy
> >     response.setHeader("Cache-Control","no-store"); //HTTP 1.1
> > }
> >
> > and on my logout message I have something like this
> >
> > <META content="MSHTML 6.00.2900.2180" name=GENERATOR>
> > <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
> > <META HTTP-EQUIV="EXPIRES" CONTENT="-1">
> > <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
> >
> > but still results are same
> > I can go back to secure page using browser back button
> > any idea why this is going on??
> >
> > or do I need to set anything apart from this?
> >
> > -shekher
> >
> > On Fri, Jan 23, 2009 at 9:06 PM, shekher awasthi
> > <shekher.awas...@gmail.com> wrote:
> >
> >> Can you guide me the way how to use SSL in struts2? I am looking in to this
> >>
> >> IDE I am using is MyEclipse
> >>
> >> and I am testing it using tomcat
> >>
> >> On Fri, Jan 23, 2009 at 7:33 PM, Paweł Wielgus <poulw...@gmail.com> wrote:
> >>
> >>> Hi Shekher,
> >>> all my testing was under SSL connection. So without pragma and cache
> >>> control it's not working - sadly.
> >>>
> >>> Best greetings,
> >>> Paweł Wielgus.
> >>>
> >>> 2009/1/22 shekher awasthi <shekher.awas...@gmail.com>:
> >>> > Hi Paweł,
> >>> >
> >>> > another way we can do this by using SSL
> >>> > as we are dealing in secure zone so using SSL for this might be a good case.
> >>> >
> >>> > the application I have seen so far who have dealt with this back/forward
> >>> > button always using HTTPS protocol.
> >>> >
> >>> > I am also diving in to this case study and will share the results
> >>> >
> >>> >
> >>> > On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
> >>> >>
> >>> >> one of the banking application site which I tested today
> >>> >>
> >>> >> when user get logged off from and try to hit the back button he will be
> >>> >> shown a different page
> >>> >> instead the one in the cache
> >>> >> so I am also looking in to this aspect.
> >>> >>
> >>> >>
> >>> >> On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
> >>> >>>
> >>> >>> using javascript is not a sure shot solution
> >>> >>> as I tested it thoroughly and javascript behaviour is not consistent
> >>> >>> throughout
> >>> >>>
> >>> >>> regarding setting header I did this, I developed a custom interceptor which
> >>> >>> is doing this
> >>> >>>
> >>> >>> but again it's not worked as expected.
> >>> >>> I am still clueless how online banking application doing this trick
> >>> >>>
> >>> >>> I am still on R&D mode for this, if find anything will share it
> >>> >>>
> >>> >>>
> >>> >>> On 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
> >>> >>>>
> >>> >>>> Hi Ehtesham,
> >>> >>>> it was said before on this thread that user can simply turn off
> >>> >>>> javascript whenever he wants,
> >>> >>>> that's why I was looking for more server controlled solution. But thank
> >>> >>>> You for pointing it out, You made me to add it to my blog post.
> >>> >>>>
> >>> >>>> Best greetings,
> >>> >>>> Paweł Wielgus.
> >>> >>>>
> >>> >>>> 2009/1/22 Ehteshamul Haque <ehsho...@yahoo.com>:
> >>> >>>> >
> >>> >>>> > Hi,
> >>> >>>> >
> >>> >>>> > I am not that much expert. I used the following javascript code before
> >>> >>>> > in each page and it worked fine.
> >>> >>>> >
> >>> >>>> > <script language="JavaScript">
> >>> >>>> > var x=window.history.length;
> >>> >>>> > if (window.history[x]!=window.location)
> >>> >>>> > {
> >>> >>>> > window.history.forward();
> >>> >>>> > }
> >>> >>>> > </script>
> >>> >>>> >
> >>> >>>> > If it works for you I will be very happy.
> >>> >>>> >
> >>> >>>> > Thank you.
> >>> >>>> >
> >>> >>>> > -Ehtesham
> >>> >>>> >
> >>> >>>> >
> >>> >>>> > --- On Thu, 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
> >>> >>>> >
> >>> >>>> > From: Paweł Wielgus <poulw...@gmail.com>
> >>> >>>> > Subject: Re: Handling Browser Back/Forward Button in Struts2
> >>> >>>> > To: "Struts Users Mailing List" <user@struts.apache.org>
> >>> >>>> > Date: Thursday, January 22, 2009, 12:34 AM
> >>> >>>> >
> >>> >>>> > Hi Shekher,
> >>> >>>> > it was very interesting subject, so I dig a little more.
> >>> >>>> > Here [1] is what I found, with some tests.
> >>> >>>> > Basically it turns out that You should add headers in page and to response.
> >>> >>>> >
> >>> >>>> > [1] - http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
> >>> >>>> >
> >>> >>>> > Best greetings,
> >>> >>>> > Paweł Wielgus.
> >>> >>>> >
> >>> >>>> > 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
> >>> >>>> >> Is it possible that either I should only put these header in the logout
> >>> >>>> >> action
> >>> >>>> >>
> >>> >>>> >> where I am removing the session and then redirecting the user to index page
> >>> >>>> >> something like this
> >>> >>>> >>
> >>> >>>> >> HttpServletResponse response=null;
> >>> >>>> >> response=ServletActionContext.getResponse();
> >>> >>>> >>
> >>> >>>> >> response.setHeader("Pragma", "no-cache");
> >>> >>>> >> response.setHeader("Cache-Control", "no-cache");
> >>> >>>> >> response.setHeader("Expires", "0");
> >>> >>>> >>
> >>> >>>> >> or can we create a interceptor which can do this for all the request where
> >>> >>>> >> we want this feature??
> >>> >>>> >>
> >>> >>>> >> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>
> >>> >>>> >>
> >>> >>>> >>> I tried using setting the header values but they are not working as expected
> >>> >>>> >>> I can even
> >>> >>>> >>>
> >>> >>>> >>> go and move back using browser back button.
> >>> >>>> >>>
> >>> >>>> >>> if I will find anything helpful will share with you
> >>> >>>> >>> till then hard luck
> >>> >>>> >>> :)
> >>> >>>> >>>
> >>> >>>> >>> 2009/1/21 Paweł Wielgus <poulw...@gmail.com>
> >>> >>>> >>>
> >>> >>>> >>>> Hi Shekher,
> >>> >>>> >>>> what I meant is that it can be done from server side.
> >>> >>>> >>>> Check for example Your e-banking application, I did it on mine :-).
> >>> >>>> >>>> There, when You press back button browser won't serve You cached page
> >>> >>>> >>>> but ask server for fresh one - this is controlled with content-cache
> >>> >>>> >>>> and pragma, but I can't be more helpful to You here because I haven't
> >>> >>>> >>>> done it before.
> >>> >>>> >>>>
> >>> >>>> >>>> Best greetings,
> >>> >>>> >>>> Paweł Wielgus.
> >>> >>>> >>>>
> >>> >>>> >>>>
> >>> >>>> >>>> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
> >>> >>>> >>>> > Hi Paweł,
> >>> >>>> >>>> >
> >>> >>>> >>>> > that's true, it only send request to server if I will refresh the page and
> >>> >>>> >>>> > for that I have already custom interceptor placed which is checking the user
> >>> >>>> >>>> > object in session in order to confirm that the request is from authorized
> >>> >>>> >>>> > user
> >>> >>>> >>>> >
> >>> >>>> >>>> > but when I make use of back button it serve the page from the local
> >>> >>>> >>>> > cache, so the problem is related to client side more than that of server
> >>> >>>> >>>> > handling
> >>> >>>> >>>> >
> >>> >>>> >>>> > still trying to find a firm solution for it
> >>> >>>> >>>> >
> >>> >>>> >>>> > 2009/1/20 Paweł Wielgus <poulw...@gmail.com>
> >>> >>>> >>>> >
> >>> >>>> >>>> >> Hi Shekher,
> >>> >>>> >>>> >> first try this scenario:
> >>> >>>> >>>> >> 1. logout user
> >>> >>>> >>>> >> 2. back button - check for logs if action was fired
> >>> >>>> >>>> >> 3. refresh page - check for logs if action was fired
> >>> >>>> >>>> >> Most likely only the 3. will fire action because browser will serve
> >>> >>>> >>>> >> cached version of that page.
> >>> >>>> >>>> >> I was about to write that to deal with it You can use https scheme,
> >>> >>>> >>>> >> but I just got it checked and it's not true. So maybe using pragma and
> >>> >>>> >>>> >> or cache-control will do?
> >>> >>>> >>>> >>
> >>> >>>> >>>> >> Still user can disable javascript so solution with script might not work.
> >>> >>>> >>>> >> If You find out anything more please let us know.
> >>> >>>> >>>> >>
> >>> >>>> >>>> >> Best greetings,
> >>> >>>> >>>> >> Paweł Wielgus.
> >>> >>>> >>>> >>
> >>> >>>> >>>> >>
> >>> >>>> >>>> >> 2009/1/20 Robert Graf-Waczenski <r...@lsoft.com>:
> >>> >>>> >>>> >> > You don't write if the browser back button is supposed to be functional in
> >>> >>>> >>>> >> > your application (in many cases it is not, but YMMV).
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > If you want to disable the browser back button, use the code below in all
> >>> >>>> >>>> >> > your pages:
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > <script type="text/javascript">
> >>> >>>> >>>> >> > history.forward();
> >>> >>>> >>>> >> > </script>
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > I'm not aware of any feature in Struts2 that deals with the browser back
> >>> >>>> >>>> >> > button.
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > Robert
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > shekher awasthi wrote:
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> Hi All,
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> in the process of developing application using struts 2.0.11, I came across
> >>> >>>> >>>> >> >> the problem of handling browser back/forward button.
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> This problem is occurring when we will logout the user. On clicking the
> >>> >>>> >>>> >> >> logout button we are currently removing the user from the session
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> and it worked fine for us.
> >>> >>>> >>>> >> >> After the successful logout process user will be
> >>> >>>> >>>> >> >> redirected to the index page (which have the login field),
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> but when user hits the browser back button he is getting himself there in
> >>> >>>> >>>> >> >> the secure page even we have remove the user object from the session
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> below is the code we are using for removing the user
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> session.remove(BSConstant.USER);
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> I am clueless where we are doing wrong, as we think we are having two
> >>> >>>> >>>> >> >> points
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> 1) Either the user is not getting removed from the session, but the chances
> >>> >>>> >>>> >> >> are very less as for all other call after logout it is forcing the user to
> >>> >>>> >>>> >> >> login first.
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> 2) Back button handling is not there
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> my question is, Is there any way in struts2 to handle browser back/forward
> >>> >>>> >>>> >> >> button or do I need to use some other technique like
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> setting response header
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> any suggestion in this regard will be much appreciated.
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> -s
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > ---------------------------------------------------------------------
> >>> >>>> >>>> >> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>> >>>> >>>> >> > For additional commands, e-mail: user-h...@struts.apache.org
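
Added example, not part of the original thread and not code from any of its participants: one way to write the header-setting interceptor the messages above discuss, assuming Struts 2 and the Servlet API on the classpath. The class name NoCacheInterceptor is hypothetical. It puts all Cache-Control directives into a single setHeader call, because setHeader replaces any earlier value of the same header, and it is meant to run on the responses of the secured pages themselves, since cache directives govern only the response that carries them.

```java
import javax.servlet.http.HttpServletResponse;

import org.apache.struts2.ServletActionContext;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;

/**
 * Added example (hypothetical class name). Marks every response that passes
 * through this interceptor as non-cacheable. To have any effect on the back
 * button after logout, it has to be part of the interceptor stack used by the
 * secured actions, not only by the logout action: the page the browser shows
 * again is the one it stored earlier, under the headers that page came with.
 */
public class NoCacheInterceptor extends AbstractInterceptor {

    private static final long serialVersionUID = 1L;

    @Override
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletResponse response = ServletActionContext.getResponse();
        if (response != null) {
            // setHeader() overwrites a previous value for the same name, so
            // three separate Cache-Control calls would leave only the last
            // directive on the wire. Send them together in one header.
            response.setHeader("Cache-Control",
                    "no-store, no-cache, must-revalidate, max-age=0");
            // Pragma is the HTTP/1.0 counterpart, kept for old clients and proxies.
            response.setHeader("Pragma", "no-cache");
            // A date in the past marks the response as already expired.
            response.setDateHeader("Expires", 0);
        }
        // The headers are set before the action and its result run, so they
        // are in place before the response can be committed.
        return invocation.invoke();
    }
}
```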