Thanks Pawel for such detalied description
i did all the things as mentioned by you but still its not working for me
regarding SSL its working for me bt still caching problem is there
i will again dig deep in to it and if you can provide me a small app that
will be wonderfull i can use that to compare my functionality so that i can
find out where i am doing wrong or whats going wrong in my application.
On 1/26/09, Paweł Wielgus <poulw...@gmail.com> wrote:
>
> Hi Shekher,
> what i did is:
> 1. I added on every page:
>
> <meta http-equiv="Pragma" content="no-cache"/>
> <meta http-equiv="Cache-Control" content="no-cache"/>
> <meta http-equiv="Expires" content="-1"/>
>
> - in <head> section at the begining of page and after <body> just
> before </html> i added:
>
> <head>
> <meta http-equiv="pragma" content="no-cache"/>
> <meta http-equiv="cache-control" content="no-cache"/>
> <meta http-equiv="expires" content="-1"/>
> </head>
> - so it is doubled!
>
> 2. I added to every response:
>
> response.setHeader("Pragma", "no-cache");
> response.setHeader("Cache-Control", "no-cache");
> response.setHeader("Expires", "-1");
>
> And that's working for me under ssl. As for ssl it has nothing to do
> with struts2, it's controlled by tomcat or any other server You are
> using, i know there is ssl-plugin for s2 but i honestly don't know
> what for, maybe it is targeted for checking if request is under ssl
> and if not redirecting to ssl connection, but it's not turning ssl on
> for sure.
>
> If that won't help i can make a little app and pack it up for You, but
> it can take some time.
>
> Best greetings,
> Paweł Wielgus.
>
> 2009/1/25 shekher awasthi <shekher.awas...@gmail.com>:
> > Hi Hi Paweł,
> >
> > i tried all the way in secure way
> >
> > i implimented SSL and now my tomcat is running on port 8443 usinh https
> > protocol
> > i have created a custom interceptor for setting the header values
> >
> > when user click logg off button this custom interceptor is working
> setting
> > the header values below is the code i am using
> >
> > ActionContext context=invocation.getInvocationContext();
> > HttpServletResponse
> > response=(HttpServletResponse)context.get(StrutsStatics.HTTP_RESPONSE);
> > if(response!=null){
> > System.out.println("**********setting
> > header**************");
> > response.setHeader("Cache-Control", "must-revalidate");
> > response.setHeader("Cache-Control", "max-age=0");
> > response.setHeader("Pragma", "no-cache");//HTTP 1.1
> > response.setDateHeader ("Expires", 0); //prevents caching
> at
> > the proxy
> > response.setHeader("Cache-Control","no-store"); //HTTP 1.1
> >
> > }
> >
> > and on my logot message i have something like this
> >
> > <META content="MSHTML 6.00.2900.2180" name=GENERATOR>
> > <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
> > <META HTTP-EQUIV="EXPIRES" CONTENT="-1">
> > <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
> >
> > but still results are same
> > i can go back to secure page using browser back button
> > any idea why this is going on??
> >
> > or do i need to set anything apart from this?
> >
> > -shekher
> >
> > On Fri, Jan 23, 2009 at 9:06 PM, shekher awasthi
> > <shekher.awas...@gmail.com>wrote:
> >
> >> Can you guide me the way how to use SSL in struts2 i am looking in to
> this
> >>
> >> IDE i am using is MyEclispe
> >>
> >> and i am testing it using tomcat
> >>
> >> On Fri, Jan 23, 2009 at 7:33 PM, Paweł Wielgus <poulw...@gmail.com>
> wrote:
> >>
> >>> Hi Shekher,
> >>> all my testing was under SSL connection. So without pragma and cache
> >>> control it's not working - sadly.
> >>>
> >>> Best greetings,
> >>> Paweł Wielgus.
> >>>
> >>> 2009/1/22 shekher awasthi <shekher.awas...@gmail.com>:
> >>> > Hi Paweł,
> >>> >
> >>> > another way we can do this by using SSL
> >>> > as we are dealing in secure zone so using SSL for this might be a
> good
> >>> case.
> >>> >
> >>> > the application i have seen so far who have dealt with this
> back/forward
> >>> > button always using HTTPS protocol.
> >>> >
> >>> > i am also diving in to this case study and will share the results
> >>> >
> >>> >
> >>> > On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
> >>> >>
> >>> >> one of the banking application site which i tested today
> >>> >>
> >>> >> when user get logged off from and try to hit the back button he will
> be
> >>> >> shown a different page
> >>> >> instead the one in the cache
> >>> >> so i am also loking in to this aspect.
> >>> >>
> >>> >>
> >>> >> On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
> >>> >>>
> >>> >>> using javascript is not a sure short solution
> >>> >>> as i tested it throughly and javascript behaviour is not consistent
> >>> >>> throught
> >>> >>>
> >>> >>> regarding setting header i did this i developed a custom
> interceptor
> >>> which
> >>> >>> is doing this
> >>> >>>
> >>> >>> but again its not worked as expected.
> >>> >>> i am still clueless how online banking application doing this trick
> >>> >>>
> >>> >>> i am still on R&D mode for this if find anything will share it
> >>> >>>
> >>> >>>
> >>> >>> On 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
> >>> >>>>
> >>> >>>> Hi Ehtesham,
> >>> >>>> it was said before on this thread that user can simply turn of
> >>> >>>> javascript whenever he wants,
> >>> >>>> thats why i was looking for more server controlled solution. But
> >>> thank
> >>> >>>> You for pointing it out, You made me to add it to my blog post.
> >>> >>>>
> >>> >>>> Best greetings,
> >>> >>>> Paweł Wielgus.
> >>> >>>>
> >>> >>>> 2009/1/22 Ehteshamul Haque <ehsho...@yahoo.com>:
> >>> >>>> >
> >>> >>>> >
> >>> >>>> >
> >>> >>>> > Hi,
> >>> >>>> >
> >>> >>>> > I am not that much expert I I used the following javascript code
> >>> before
> >>> >>>> in each page and it workded fine.
> >>> >>>> >
> >>> >>>> >
> >>> >>>> > <script language="JavaScript">
> >>> >>>> > var x=window.history.length;
> >>> >>>> > if (window.history[x]!=window.location)
> >>> >>>> > {
> >>> >>>> > window.history.forward();
> >>> >>>> > }
> >>> >>>> > </script>
> >>> >>>> >
> >>> >>>> > If it work for you I will be very happy.
> >>> >>>> >
> >>> >>>> > Thank you.
> >>> >>>> >
> >>> >>>> > -Ehtesham
> >>> >>>> >
> >>> >>>> >
> >>> >>>> > --- On Thu, 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
> >>> >>>> >
> >>> >>>> > From: Paweł Wielgus <poulw...@gmail.com>
> >>> >>>> > Subject: Re: Handling Browser Back/Forward Button in Struts2
> >>> >>>> > To: "Struts Users Mailing List" <user@struts.apache.org>
> >>> >>>> > Date: Thursday, January 22, 2009, 12:34 AM
> >>> >>>> >
> >>> >>>> > Hi Shekher,
> >>> >>>> > it was very interesting subject, so i dig a little more.
> >>> >>>> > Here [1] is what i found, with some tests.
> >>> >>>> > Basicly it turns out that You should add headers in page and to
> >>> >>>> response.
> >>> >>>> >
> >>> >>>> > [1] -
> >>> >>>>
> >>>
> http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
> >>> >>>> >
> >>> >>>> > Best greetings,
> >>> >>>> > Paweł Wielgus.
> >>> >>>> >
> >>> >>>> > 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
> >>> >>>> >> Is it possible that either i should only put these header in
> the
> >>> >>>> logout
> >>> >>>> >> action
> >>> >>>> >>
> >>> >>>> >> where i am removing the session and den redirecting the user to
> >>> index
> >>> >>>> page
> >>> >>>> >> something like this
> >>> >>>> >>
> >>> >>>> >> HttpServletResponse response=null;
> >>> >>>> >> response=ServletActionContext.getResponse();
> >>> >>>> >>
> >>> >>>> >> response.setHeader("Pragma", "no-cache");
> >>> >>>> >> response.setHeader("Cache-Control", "no-cache");
> >>> >>>> >> response.setHeader("Expires", "0");
> >>> >>>> >>
> >>> >>>> >> or can we create a interceptor which can do this for all the
> >>> request
> >>> >>>> wheer
> >>> >>>> >> we want this feature??
> >>> >>>> >>
> >>> >>>> >> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>
> >>> >>>> >>
> >>> >>>> >>> i tried using setting the eader values but they are not
> working
> >>> as
> >>> >>>> expected
> >>> >>>> >>> i can even
> >>> >>>> >>>
> >>> >>>> >>> go and move back using broswer back button.
> >>> >>>> >>>
> >>> >>>> >>> if i will find anything helpfull will share with you
> >>> >>>> >>> till then hard luck
> >>> >>>> >>> :)
> >>> >>>> >>>
> >>> >>>> >>> 2009/1/21 Paweł Wielgus <poulw...@gmail.com>
> >>> >>>> >>>
> >>> >>>> >>> Hi Shekher,
> >>> >>>> >>>> what i meant is that it can be done from server side.
> >>> >>>> >>>> Check for example Your e-banking application, i did it on
> mine
> >>> :-).
> >>> >>>> >>>> There, when You press back button browser won't serve You
> cached
> >>> >>>> page
> >>> >>>> >>>> but ask server for fresh one - this is controlled with
> >>> content-cache
> >>> >>>> >>>> and pragma, but i can't be more helpfull to You here because
> i
> >>> >>>> haven't
> >>> >>>> >>>> done it before.
> >>> >>>> >>>>
> >>> >>>> >>>> Best greetings,
> >>> >>>> >>>> Paweł Wielgus.
> >>> >>>> >>>>
> >>> >>>> >>>>
> >>> >>>> >>>> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
> >>> >>>> >>>> > Hi Paweł,
> >>> >>>> >>>> >
> >>> >>>> >>>> > thats true it only send request to server if i will
> refresh
> >>> the
> >>> >>>> page
> >>> >>>> >>>> and
> >>> >>>> >>>> > for that i have already custom interceptor places which is
> >>> >>>> checking the
> >>> >>>> >>>> user
> >>> >>>> >>>> > object in session in order to confirm that the request is
> from
> >>> >>>> >>>> authorized
> >>> >>>> >>>> > user
> >>> >>>> >>>> >
> >>> >>>> >>>> > but when i make use of back button it serve the page from
> the
> >>> >>>> local
> >>> >>>> >>>> > chache,so the problem is related to client side more than
> that
> >>> of
> >>> >>>> server
> >>> >>>> >>>> > handling
> >>> >>>> >>>> >
> >>> >>>> >>>> > still trying to find a firm solution for it
> >>> >>>> >>>> >
> >>> >>>> >>>> > 2009/1/20 Paweł Wielgus <poulw...@gmail.com>
> >>> >>>> >>>> >
> >>> >>>> >>>> >> Hi Shekher,
> >>> >>>> >>>> >> first try this scenario:
> >>> >>>> >>>> >> 1. logout user
> >>> >>>> >>>> >> 2. back button - check for logs if action was fired
> >>> >>>> >>>> >> 3. refresh page - check for logs if action was fired
> >>> >>>> >>>> >> Most likely only the 3. will fire action because browser
> will
> >>> >>>> serve
> >>> >>>> >>>> >> cached version of that page.
> >>> >>>> >>>> >> I was about to write that to deal with it You can use
> https
> >>> >>>> scheme,
> >>> >>>> >>>> >> but i just got it checked and it's not true. So maybe
> using
> >>> >>>> pragma and
> >>> >>>> >>>> >> or cache-control will do?
> >>> >>>> >>>> >>
> >>> >>>> >>>> >> Still user can disable javascript so solution with script
> >>> might
> >>> >>>> not
> >>> >>>> >>>> work.
> >>> >>>> >>>> >> If You find out anything more please let us know.
> >>> >>>> >>>> >>
> >>> >>>> >>>> >> Best greetings,
> >>> >>>> >>>> >> Paweł Wielgus.
> >>> >>>> >>>> >>
> >>> >>>> >>>> >>
> >>> >>>> >>>> >> 2009/1/20 Robert Graf-Waczenski <r...@lsoft.com>:
> >>> >>>> >>>> >> > You don't write if the browser back button is supposed
> to
> >>> be
> >>> >>>> >>>> functional
> >>> >>>> >>>> >> in
> >>> >>>> >>>> >> > your application (in many cases it is not, but YMMV).
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > If you want to disable the browser back button, use the
> >>> code
> >>> >>>> below in
> >>> >>>> >>>> all
> >>> >>>> >>>> >> > your pages:
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > <script type="text/javascript">
> >>> >>>> >>>> >> > history.forward();
> >>> >>>> >>>> >> > </script>
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > I'm not aware of any feature in Struts2 that deals with
> the
> >>> >>>> browser
> >>> >>>> >>>> back
> >>> >>>> >>>> >> > button.
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > Robert
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> > shekher awasthi wrote:
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> Hi All,
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> in the process of developing application using struts
> >>> 2.0.11,
> >>> >>>> i came
> >>> >>>> >>>> >> >> across
> >>> >>>> >>>> >> >> the problem of handling browser back/forward button.
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> This problem is occurring when we will logout the
> user.On
> >>> >>>> Clicking
> >>> >>>> >>>> the
> >>> >>>> >>>> >> >> logout button we are currently removing the user from
> the
> >>> >>>> session
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> and it worked fine for us. After the successful logout
> >>> process
> >>> >>>> user
> >>> >>>> >>>> will
> >>> >>>> >>>> >> >> be
> >>> >>>> >>>> >> >> redirected to the index page(which have the login
> field),
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> but when user hits the browser back button he is
> getting
> >>> >>>> himself
> >>> >>>> >>>> there
> >>> >>>> >>>> >> in
> >>> >>>> >>>> >> >> the secure page even we have remove the user object
> from
> >>> the
> >>> >>>> session
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> below is the code we are using for removing the user
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> session.remove(BSConstant.USER);
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> i am clueless where we are doing wrong , as we think we
> >>> are
> >>> >>>> having
> >>> >>>> >>>> two
> >>> >>>> >>>> >> >> points
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> 1) Either the user is not getting removed from the
> >>> session,but
> >>> >>>> the
> >>> >>>> >>>> >> chances
> >>> >>>> >>>> >> >> are very less as for all other call after logout it is
> >>> forcing
> >>> >>>> the
> >>> >>>> >>>> user
> >>> >>>> >>>> >> to
> >>> >>>> >>>> >> >> login first.
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> 2) Back button handling is not there
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> my question is, Is there any way in struts2 to handle
> >>> browser
> >>> >>>> >>>> >> back/forward
> >>> >>>> >>>> >> >> button or do i need to use some other technique like
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> setting response header
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> any suggestion in this regard will be much appreciated.
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >> -s
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >>
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> >
> >>> >>>>
> ---------------------------------------------------------------------
> >>> >>>> >>>> >> > To unsubscribe, e-mail:
> user-unsubscr...@struts.apache.org
> >>> >>>> >>>> >> > For additional commands, e-mail:
> >>> user-h...@struts.apache.org
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >> >
> >>> >>>> >>>> >>
> >>> >>>> >>>> >>
> >>> >>>>
> ---------------------------------------------------------------------
> >>> >>>> >>>> >> To unsubscribe, e-mail:
> user-unsubscr...@struts.apache.org
> >>> >>>> >>>> >> For additional commands, e-mail:
> user-h...@struts.apache.org
> >>> >>>> >>>> >>
> >>> >>>> >>>> >>
> >>> >>>> >>>> >
> >>> >>>> >>>>
> >>> >>>> >>>>
> >>> >>>>
> ---------------------------------------------------------------------
> >>> >>>> >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>> >>>> >>>> For additional commands, e-mail: user-h...@struts.apache.org
> >>> >>>> >>>>
> >>> >>>> >>>>
> >>> >>>> >>>
> >>> >>>> >>
> >>> >>>> >
> >>> >>>> >
> >>> ---------------------------------------------------------------------
> >>> >>>> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>> >>>> > For additional commands, e-mail: user-h...@struts.apache.org
> >>> >>>> >
> >>> >>>> >
> >>> >>>> >
> >>> >>>> >
> >>> >>>> >
> >>> >>>>
> >>> >>>>
> ---------------------------------------------------------------------
> >>> >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>> >>>> For additional commands, e-mail: user-h...@struts.apache.org
> >>> >>>>
> >>> >>>>
> >>> >>>
> >>> >>
> >>> >
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> >>> For additional commands, e-mail: user-h...@struts.apache.org
> >>>
> >>>
> >>
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
>
