Hi Shekher,
i just added a small app, that work for me, on my blog post,
if You are still interested, it's been a while - sorry for the lag,
You can download it from there.
http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
Best greetings,
Pawel Wielgus.
2009/1/26, shekher awasthi <shekher.awas...@gmail.com>:
> Thanks Pawel for such detalied description
>
> i did all the things as mentioned by you but still its not working for me
>
> regarding SSL its working for me bt still caching problem is there
>
> i will again dig deep in to it and if you can provide me a small app that
> will be wonderfull i can use that to compare my functionality so that i can
> find out where i am doing wrong or whats going wrong in my application.
>
>
> On 1/26/09, Paweł Wielgus <poulw...@gmail.com> wrote:
>>
>> Hi Shekher,
>> what i did is:
>> 1. I added on every page:
>>
>> <meta http-equiv="Pragma" content="no-cache"/>
>> <meta http-equiv="Cache-Control" content="no-cache"/>
>> <meta http-equiv="Expires" content="-1"/>
>>
>> - in <head> section at the begining of page and after <body> just
>> before </html> i added:
>>
>> <head>
>> <meta http-equiv="pragma" content="no-cache"/>
>> <meta http-equiv="cache-control" content="no-cache"/>
>> <meta http-equiv="expires" content="-1"/>
>> </head>
>> - so it is doubled!
>>
>> 2. I added to every response:
>>
>> response.setHeader("Pragma", "no-cache");
>> response.setHeader("Cache-Control", "no-cache");
>> response.setHeader("Expires", "-1");
>>
>> And that's working for me under ssl. As for ssl it has nothing to do
>> with struts2, it's controlled by tomcat or any other server You are
>> using, i know there is ssl-plugin for s2 but i honestly don't know
>> what for, maybe it is targeted for checking if request is under ssl
>> and if not redirecting to ssl connection, but it's not turning ssl on
>> for sure.
>>
>> If that won't help i can make a little app and pack it up for You, but
>> it can take some time.
>>
>> Best greetings,
>> Paweł Wielgus.
>>
>> 2009/1/25 shekher awasthi <shekher.awas...@gmail.com>:
>> > Hi Hi Paweł,
>> >
>> > i tried all the way in secure way
>> >
>> > i implimented SSL and now my tomcat is running on port 8443 usinh https
>> > protocol
>> > i have created a custom interceptor for setting the header values
>> >
>> > when user click logg off button this custom interceptor is working
>> setting
>> > the header values below is the code i am using
>> >
>> > ActionContext context=invocation.getInvocationContext();
>> > HttpServletResponse
>> > response=(HttpServletResponse)context.get(StrutsStatics.HTTP_RESPONSE);
>> > if(response!=null){
>> > System.out.println("**********setting
>> > header**************");
>> > response.setHeader("Cache-Control", "must-revalidate");
>> > response.setHeader("Cache-Control", "max-age=0");
>> > response.setHeader("Pragma", "no-cache");//HTTP 1.1
>> > response.setDateHeader ("Expires", 0); //prevents caching
>> at
>> > the proxy
>> > response.setHeader("Cache-Control","no-store"); //HTTP
>> > 1.1
>> >
>> > }
>> >
>> > and on my logot message i have something like this
>> >
>> > <META content="MSHTML 6.00.2900.2180" name=GENERATOR>
>> > <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
>> > <META HTTP-EQUIV="EXPIRES" CONTENT="-1">
>> > <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
>> >
>> > but still results are same
>> > i can go back to secure page using browser back button
>> > any idea why this is going on??
>> >
>> > or do i need to set anything apart from this?
>> >
>> > -shekher
>> >
>> > On Fri, Jan 23, 2009 at 9:06 PM, shekher awasthi
>> > <shekher.awas...@gmail.com>wrote:
>> >
>> >> Can you guide me the way how to use SSL in struts2 i am looking in to
>> this
>> >>
>> >> IDE i am using is MyEclispe
>> >>
>> >> and i am testing it using tomcat
>> >>
>> >> On Fri, Jan 23, 2009 at 7:33 PM, Paweł Wielgus <poulw...@gmail.com>
>> wrote:
>> >>
>> >>> Hi Shekher,
>> >>> all my testing was under SSL connection. So without pragma and cache
>> >>> control it's not working - sadly.
>> >>>
>> >>> Best greetings,
>> >>> Paweł Wielgus.
>> >>>
>> >>> 2009/1/22 shekher awasthi <shekher.awas...@gmail.com>:
>> >>> > Hi Paweł,
>> >>> >
>> >>> > another way we can do this by using SSL
>> >>> > as we are dealing in secure zone so using SSL for this might be a
>> good
>> >>> case.
>> >>> >
>> >>> > the application i have seen so far who have dealt with this
>> back/forward
>> >>> > button always using HTTPS protocol.
>> >>> >
>> >>> > i am also diving in to this case study and will share the results
>> >>> >
>> >>> >
>> >>> > On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
>> >>> >>
>> >>> >> one of the banking application site which i tested today
>> >>> >>
>> >>> >> when user get logged off from and try to hit the back button he
>> >>> >> will
>> be
>> >>> >> shown a different page
>> >>> >> instead the one in the cache
>> >>> >> so i am also loking in to this aspect.
>> >>> >>
>> >>> >>
>> >>> >> On 1/22/09, shekher awasthi <shekher.awas...@gmail.com> wrote:
>> >>> >>>
>> >>> >>> using javascript is not a sure short solution
>> >>> >>> as i tested it throughly and javascript behaviour is not
>> >>> >>> consistent
>> >>> >>> throught
>> >>> >>>
>> >>> >>> regarding setting header i did this i developed a custom
>> interceptor
>> >>> which
>> >>> >>> is doing this
>> >>> >>>
>> >>> >>> but again its not worked as expected.
>> >>> >>> i am still clueless how online banking application doing this
>> >>> >>> trick
>> >>> >>>
>> >>> >>> i am still on R&D mode for this if find anything will share it
>> >>> >>>
>> >>> >>>
>> >>> >>> On 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
>> >>> >>>>
>> >>> >>>> Hi Ehtesham,
>> >>> >>>> it was said before on this thread that user can simply turn of
>> >>> >>>> javascript whenever he wants,
>> >>> >>>> thats why i was looking for more server controlled solution. But
>> >>> thank
>> >>> >>>> You for pointing it out, You made me to add it to my blog post.
>> >>> >>>>
>> >>> >>>> Best greetings,
>> >>> >>>> Paweł Wielgus.
>> >>> >>>>
>> >>> >>>> 2009/1/22 Ehteshamul Haque <ehsho...@yahoo.com>:
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> > Hi,
>> >>> >>>> >
>> >>> >>>> > I am not that much expert I I used the following javascript
>> >>> >>>> > code
>> >>> before
>> >>> >>>> in each page and it workded fine.
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> > <script language="JavaScript">
>> >>> >>>> > var x=window.history.length;
>> >>> >>>> > if (window.history[x]!=window.location)
>> >>> >>>> > {
>> >>> >>>> > window.history.forward();
>> >>> >>>> > }
>> >>> >>>> > </script>
>> >>> >>>> >
>> >>> >>>> > If it work for you I will be very happy.
>> >>> >>>> >
>> >>> >>>> > Thank you.
>> >>> >>>> >
>> >>> >>>> > -Ehtesham
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> > --- On Thu, 1/22/09, Paweł Wielgus <poulw...@gmail.com> wrote:
>> >>> >>>> >
>> >>> >>>> > From: Paweł Wielgus <poulw...@gmail.com>
>> >>> >>>> > Subject: Re: Handling Browser Back/Forward Button in Struts2
>> >>> >>>> > To: "Struts Users Mailing List" <user@struts.apache.org>
>> >>> >>>> > Date: Thursday, January 22, 2009, 12:34 AM
>> >>> >>>> >
>> >>> >>>> > Hi Shekher,
>> >>> >>>> > it was very interesting subject, so i dig a little more.
>> >>> >>>> > Here [1] is what i found, with some tests.
>> >>> >>>> > Basicly it turns out that You should add headers in page and to
>> >>> >>>> response.
>> >>> >>>> >
>> >>> >>>> > [1] -
>> >>> >>>>
>> >>>
>> http://poulwiel.blogspot.com/2009/01/browser-back-button-and-caching-problem.html
>> >>> >>>> >
>> >>> >>>> > Best greetings,
>> >>> >>>> > Paweł Wielgus.
>> >>> >>>> >
>> >>> >>>> > 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
>> >>> >>>> >> Is it possible that either i should only put these header in
>> the
>> >>> >>>> logout
>> >>> >>>> >> action
>> >>> >>>> >>
>> >>> >>>> >> where i am removing the session and den redirecting the user
>> >>> >>>> >> to
>> >>> index
>> >>> >>>> page
>> >>> >>>> >> something like this
>> >>> >>>> >>
>> >>> >>>> >> HttpServletResponse response=null;
>> >>> >>>> >> response=ServletActionContext.getResponse();
>> >>> >>>> >>
>> >>> >>>> >> response.setHeader("Pragma", "no-cache");
>> >>> >>>> >> response.setHeader("Cache-Control", "no-cache");
>> >>> >>>> >> response.setHeader("Expires", "0");
>> >>> >>>> >>
>> >>> >>>> >> or can we create a interceptor which can do this for all the
>> >>> request
>> >>> >>>> wheer
>> >>> >>>> >> we want this feature??
>> >>> >>>> >>
>> >>> >>>> >> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>
>> >>> >>>> >>
>> >>> >>>> >>> i tried using setting the eader values but they are not
>> working
>> >>> as
>> >>> >>>> expected
>> >>> >>>> >>> i can even
>> >>> >>>> >>>
>> >>> >>>> >>> go and move back using broswer back button.
>> >>> >>>> >>>
>> >>> >>>> >>> if i will find anything helpfull will share with you
>> >>> >>>> >>> till then hard luck
>> >>> >>>> >>> :)
>> >>> >>>> >>>
>> >>> >>>> >>> 2009/1/21 Paweł Wielgus <poulw...@gmail.com>
>> >>> >>>> >>>
>> >>> >>>> >>> Hi Shekher,
>> >>> >>>> >>>> what i meant is that it can be done from server side.
>> >>> >>>> >>>> Check for example Your e-banking application, i did it on
>> mine
>> >>> :-).
>> >>> >>>> >>>> There, when You press back button browser won't serve You
>> cached
>> >>> >>>> page
>> >>> >>>> >>>> but ask server for fresh one - this is controlled with
>> >>> content-cache
>> >>> >>>> >>>> and pragma, but i can't be more helpfull to You here because
>> i
>> >>> >>>> haven't
>> >>> >>>> >>>> done it before.
>> >>> >>>> >>>>
>> >>> >>>> >>>> Best greetings,
>> >>> >>>> >>>> Paweł Wielgus.
>> >>> >>>> >>>>
>> >>> >>>> >>>>
>> >>> >>>> >>>> 2009/1/21 shekher awasthi <shekher.awas...@gmail.com>:
>> >>> >>>> >>>> > Hi Paweł,
>> >>> >>>> >>>> >
>> >>> >>>> >>>> > thats true it only send request to server if i will
>> refresh
>> >>> the
>> >>> >>>> page
>> >>> >>>> >>>> and
>> >>> >>>> >>>> > for that i have already custom interceptor places which is
>> >>> >>>> checking the
>> >>> >>>> >>>> user
>> >>> >>>> >>>> > object in session in order to confirm that the request is
>> from
>> >>> >>>> >>>> authorized
>> >>> >>>> >>>> > user
>> >>> >>>> >>>> >
>> >>> >>>> >>>> > but when i make use of back button it serve the page from
>> the
>> >>> >>>> local
>> >>> >>>> >>>> > chache,so the problem is related to client side more than
>> that
>> >>> of
>> >>> >>>> server
>> >>> >>>> >>>> > handling
>> >>> >>>> >>>> >
>> >>> >>>> >>>> > still trying to find a firm solution for it
>> >>> >>>> >>>> >
>> >>> >>>> >>>> > 2009/1/20 Paweł Wielgus <poulw...@gmail.com>
>> >>> >>>> >>>> >
>> >>> >>>> >>>> >> Hi Shekher,
>> >>> >>>> >>>> >> first try this scenario:
>> >>> >>>> >>>> >> 1. logout user
>> >>> >>>> >>>> >> 2. back button - check for logs if action was fired
>> >>> >>>> >>>> >> 3. refresh page - check for logs if action was fired
>> >>> >>>> >>>> >> Most likely only the 3. will fire action because browser
>> will
>> >>> >>>> serve
>> >>> >>>> >>>> >> cached version of that page.
>> >>> >>>> >>>> >> I was about to write that to deal with it You can use
>> https
>> >>> >>>> scheme,
>> >>> >>>> >>>> >> but i just got it checked and it's not true. So maybe
>> using
>> >>> >>>> pragma and
>> >>> >>>> >>>> >> or cache-control will do?
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >> Still user can disable javascript so solution with script
>> >>> might
>> >>> >>>> not
>> >>> >>>> >>>> work.
>> >>> >>>> >>>> >> If You find out anything more please let us know.
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >> Best greetings,
>> >>> >>>> >>>> >> Paweł Wielgus.
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >> 2009/1/20 Robert Graf-Waczenski <r...@lsoft.com>:
>> >>> >>>> >>>> >> > You don't write if the browser back button is supposed
>> to
>> >>> be
>> >>> >>>> >>>> functional
>> >>> >>>> >>>> >> in
>> >>> >>>> >>>> >> > your application (in many cases it is not, but YMMV).
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> > If you want to disable the browser back button, use the
>> >>> code
>> >>> >>>> below in
>> >>> >>>> >>>> all
>> >>> >>>> >>>> >> > your pages:
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> > <script type="text/javascript">
>> >>> >>>> >>>> >> > history.forward();
>> >>> >>>> >>>> >> > </script>
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> > I'm not aware of any feature in Struts2 that deals with
>> the
>> >>> >>>> browser
>> >>> >>>> >>>> back
>> >>> >>>> >>>> >> > button.
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> > Robert
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> > shekher awasthi wrote:
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> Hi All,
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> in the process of developing application using struts
>> >>> 2.0.11,
>> >>> >>>> i came
>> >>> >>>> >>>> >> >> across
>> >>> >>>> >>>> >> >> the problem of handling browser back/forward button.
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> This problem is occurring when we will logout the
>> user.On
>> >>> >>>> Clicking
>> >>> >>>> >>>> the
>> >>> >>>> >>>> >> >> logout button we are currently removing the user from
>> the
>> >>> >>>> session
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> and it worked fine for us. After the successful logout
>> >>> process
>> >>> >>>> user
>> >>> >>>> >>>> will
>> >>> >>>> >>>> >> >> be
>> >>> >>>> >>>> >> >> redirected to the index page(which have the login
>> field),
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> but when user hits the browser back button he is
>> getting
>> >>> >>>> himself
>> >>> >>>> >>>> there
>> >>> >>>> >>>> >> in
>> >>> >>>> >>>> >> >> the secure page even we have remove the user object
>> from
>> >>> the
>> >>> >>>> session
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> below is the code we are using for removing the user
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> session.remove(BSConstant.USER);
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> i am clueless where we are doing wrong , as we think
>> >>> >>>> >>>> >> >> we
>> >>> are
>> >>> >>>> having
>> >>> >>>> >>>> two
>> >>> >>>> >>>> >> >> points
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> 1) Either the user is not getting removed from the
>> >>> session,but
>> >>> >>>> the
>> >>> >>>> >>>> >> chances
>> >>> >>>> >>>> >> >> are very less as for all other call after logout it is
>> >>> forcing
>> >>> >>>> the
>> >>> >>>> >>>> user
>> >>> >>>> >>>> >> to
>> >>> >>>> >>>> >> >> login first.
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> 2) Back button handling is not there
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> my question is, Is there any way in struts2 to handle
>> >>> browser
>> >>> >>>> >>>> >> back/forward
>> >>> >>>> >>>> >> >> button or do i need to use some other technique like
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> setting response header
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> any suggestion in this regard will be much
>> >>> >>>> >>>> >> >> appreciated.
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >> -s
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >>
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> >
>> >>> >>>>
>> ---------------------------------------------------------------------
>> >>> >>>> >>>> >> > To unsubscribe, e-mail:
>> user-unsubscr...@struts.apache.org
>> >>> >>>> >>>> >> > For additional commands, e-mail:
>> >>> user-h...@struts.apache.org
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >> >
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >>
>> >>> >>>>
>> ---------------------------------------------------------------------
>> >>> >>>> >>>> >> To unsubscribe, e-mail:
>> user-unsubscr...@struts.apache.org
>> >>> >>>> >>>> >> For additional commands, e-mail:
>> user-h...@struts.apache.org
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >>
>> >>> >>>> >>>> >
>> >>> >>>> >>>>
>> >>> >>>> >>>>
>> >>> >>>>
>> ---------------------------------------------------------------------
>> >>> >>>> >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> >>> >>>> >>>> For additional commands, e-mail: user-h...@struts.apache.org
>> >>> >>>> >>>>
>> >>> >>>> >>>>
>> >>> >>>> >>>
>> >>> >>>> >>
>> >>> >>>> >
>> >>> >>>> >
>> >>> ---------------------------------------------------------------------
>> >>> >>>> > To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> >>> >>>> > For additional commands, e-mail: user-h...@struts.apache.org
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>> >
>> >>> >>>>
>> >>> >>>>
>> ---------------------------------------------------------------------
>> >>> >>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> >>> >>>> For additional commands, e-mail: user-h...@struts.apache.org
>> >>> >>>>
>> >>> >>>>
>> >>> >>>
>> >>> >>
>> >>> >
>> >>>
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> >>> For additional commands, e-mail: user-h...@struts.apache.org
>> >>>
>> >>>
>> >>
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>> For additional commands, e-mail: user-h...@struts.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
