1

Consider:

In IE 9,

enter image description here

To clear Cache, I did:

  1. Open IE, Press F12, then Ctrl + R

  2. A pop-up "Are you sure you want to clear browser cache" pops up

  3. Select Yes.

Filter:

@WebFilter("*.*")
public class NoCacheFilter
    implements Filter {

    @Override
    public void destroy() {

    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res,
                         FilterChain chain)
        throws IOException,
            ServletException {

        HttpServletResponse response = (HttpServletResponse) res;

        response.setHeader("Cache-Control",
            "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        response.setDateHeader("Expires", 0); // Proxies.

        System.out.println("Hello World!");

        chain.doFilter(req, res);
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {

        // TODO Auto-generated method stub

    }

}

Java Configuration:

public class SpittrWebAppInitializer
    extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected String[] getServletMappings() {

        /* Map DispatcherServlet to /, handles, all the requests coming into the web app. */

        return new String[] {"/"};

    }

    @Override
    protected Class<?>[] getRootConfigClasses() {

        return new Class<?>[] {RootConfig.class};
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {

        /* Specify configuration data */
        return new Class<?>[] {WebConfig.class};
    }

    @Override
    protected Filter[] getServletFilters() {

        return new Filter[] {new NoCacheFilter()};
    }

}

Spring Security:

@Configuration
@EnableWebSecurity
public class SecurityConfig
    extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.formLogin().and().authorizeRequests().antMatchers("/spitter/")
            .authenticated().antMatchers(HttpMethod.GET, "/spitter/register")
            .authenticated().and().logout().logoutSuccessUrl("/login");

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
        throws Exception {

        auth.inMemoryAuthentication().withUser("user").password("password")
            .roles("USER").and().withUser("admin").password("password")
            .roles("USER", "ADMIN");
    }

}

Login & logout both are working fine.

Whn I press the back button, I am able to see the cache-pages, even though I have cleared the cache.

If I am not wrong, the response headers are set correctly,

I am still able to see the pages by pressing browser back button even after logout.

Any suggestions?

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
Farhan stands with Palestine
  • 13,890
  • 13
  • 58
  • 105

0 Answers0