问题
In my web application, when the user logs out, he should not have access to pages he's previously viewed while he was logged in. However, due to browser caching, he can view those pages when clicked on the back button.
I defined an Interceptor to handle this:
public String intercept(ActionInvocation invocation) throws Exception {
// TODO Auto-generated method stub
final ActionContext context = invocation.getInvocationContext();
HttpServletResponse response = (HttpServletResponse)context.get(StrutsStatics.HTTP_RESPONSE);
if(response!=null){
response.setHeader("Cache-control", "no-cache, no-store");
response.setHeader("Pragme", "no-cache");
response.setHeader("Expires", "-1");
}
return invocation.invoke();
}
and in struts.xml :
<interceptors>
<interceptor name="cachingHeadersInterceptor" class="com.prosonsulto.interceptor.CachingHeadersInterceptor"/>
<interceptor-stack name="defaultSecurityStack">
<interceptor-ref name="defaultStack"/>
<interceptor-ref name="cachingHeqadersInterceptor"/>
</interceptor-stack>
</interceptors>
What happens is, after adding this, I get a 404 error when I run my application.
I tried adding the response headers in the pages:
<%response.setHeader("Cache-Control", "no-cache");
response.setHeader("Cache-Control", "no-store");
response.setDateHeader("Expires", -1);
response.setHeader("Pragma", "no-cache");
%>
But it's going to be tedious to have to add it to all the pages one by one. Plus, the user could always do a form re-submission and have access to those pages again without actually typing in his login credentials.
What should I be ideally doing to prevent browser caching?
回答1:
Change this code
from
response.setHeader("Pragme", "no-cache");
to
response.setHeader("Pragma", "no-cache");
Because you have errors in your code you can't apply this interceptor, after you fix that errors you can use it to prevent caching.
来源:https://stackoverflow.com/questions/24481871/how-to-disallow-caching-in-struts2