注销后单击后退按钮缓存问题 [英] after logout click on back button cache issue

问题描述

<%
    response.setHeader("Cache-Control","no-cache,no-store,must-revalidate");//HTTP 1.1
    response.setHeader("Pragma","no-cache"); //HTTP 1.0
    response.setDateHeader ("Expires", 0); //prevents caching at the proxy server
%>

如果单击后退按钮，则会在登录页面上显示旧页面，因为它已登录我在jsp中使用了3行以上，并且我在body标签内的所有jsps中包含了这一行。这对某些jsps不起作用。在loggout之后我们需要考虑什么才能停止缓存。如果一个带有Post方法的表单的jsp，这种技术不起作用？。

after logout, on comming login page if you click back button it shows old page as it is logged in. I am using above 3 lines in a jsp and I am including this in all my jsps inside body tag. this is not working for some jsps . what are the things we need to consider for stoping cacheing after loggout . If a jsp having a form with Post method , this technique does not work ?.

在我的Logout操作中，我正在这样做。

In my Logout action I am doing this.

Cookie logoutCookie = new Cookie("somename", null);
logoutCookie.setPath("/somename");
logoutCookie.setMaxAge(0);
ServletActionContext.getResponse().addCookie(logoutCookie);

谢谢。

推荐答案

我在body标签内的所有jsps中包含了这个

当HTTP响应已在此时提交时，这可能太晚。当已经向其写入X个字符时，将提交HTTP响应，在您的情况下将是HTML < head> 。您需要将这些行放在JSP文件的最顶层，而不是放在HTML表示的< body> 中。

This might be too late when the HTTP response is already committed at that point. A HTTP response will be committed when an X amount of characters are already been written to it, which will in your case be the HTML <head>. You need to put those lines in the very top of the JSP file, not in the <body> of the HTML representation.

在一个不相关的说明中，你通过在多个文件上复制相同行代码来制造一个巨大的设计错误。这不是 DRY 。每当您需要复制代码时，您应该始终停下来问问自己是否没有单个位置来执行特定代码。在您的特定情况下，您应该使用过滤器。有关具体示例，请参阅此答案：防止用户在注销后看到以前访问过的安全页面。此外，在JSP中编写Java代码是一种不好的做法。检查如何避免JSP文件中的Java代码？

On an unrelated note, you're making a huge design mistake by copypasting the same lines of code over multiple files. This is not DRY. Whenever you need to copypaste code, you should always stop and ask yourself if there isn't a single place to execute the particular code. In your particular case, you should have used a Filter instead. For a concrete example, see also this answer: Prevent user from seeing previously visited secured page after logout. Also, writing Java code in JSPs is a bad practice. Check How to avoid Java code in JSP files?

此外，您的注销方法很奇怪。不要将用户名存储在某个自定义cookie中。你基本上是在彻底改造会议。只需将登录用户存储为会话属性，并使整个会话无效并发送重定向。

Also, your logout method is strange. Don't store the username in some custom cookie. You're basically reinventing the session. Just store the logged-in user as a session attribute instead and invalidate the entire session and send a redirect.

request.getSession().invalidate();
response.sendRedirect(request.getContextPath() + "/home.jsp");

有关会话工作的背景信息，请阅读： servlet如何工作？实例化，会话，共享变量和多线程

For background information on working of session, read this: How do servlets work? Instantiation, sessions, shared variables and multithreading

这篇关于注销后单击后退按钮缓存问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！