But I can see these pages visited in the session just invalidated by using the browser's back button after logging out.
By other Tomcat applications, I mean other applications which have the same arrangements and run under 6.0.26. But when I log out from one of these, I can't see pages just visited. -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 12 Oct 2011 23 01 To: Tomcat Users List Subject: Re: Application not logging out properly -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin, On 10/12/2011 5:58 PM, Martin O'Shea wrote: > This is true of the current application, but also true of the other > Tomcat applications I have. > > But the others don't seem to have this problem. Which others? > I know the sessions are invalidating because if I try to do something > on one of the pages visited in the session, the login page appears > automatically. You're getting all you can get out of the server-side of this equation. You'll either have to use "expires" or other cache-control headers or just trust your clients not to browse their caches. > Using a filter to prevent caching does seem a sledgehammer approach. > But I have set one up to do just that but I would prefer another > solution. I can't think of one. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6WDgQACgkQ9CaO5/Lv0PCVzgCeIl7RJkNgbXxNGFj7uJ671fXS MQIAn2SH+d1iK3DumlNIOmMYAWsIF4f4 =MXp5 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org