1

What I am trying to do

Goal

1. Not allow the browser to cache responses from the server
2. After session logout the back button should not bring the user to a cached page

What I have done so far

In my web app, I have a login page that authenticates a user and then routes to another page via the Login servlet. In the Login servlet I have set the response header to not cache the HTML pages. This does not work.

Currently I use the below in the doPost method of the Login servlet

response.setHeader("Cache-control","no-cache, no-store, must-revalidate");
response.setHeader("Pragma","no-cache");
response.setHeader("max-age", "-1");
response.setDateHeader("Expires", 0);

Results: The HTML page header (from Google Chrome dev tools) shows this

Accept-Ranges:bytes
Content-Length:8404
Content-Type:text/html
Date:Sat, 16 Jan 2016 22:26:57 GMT
ETag:W/"8404-1452983191066"
Last-Modified:Sat, 16 Jan 2016 22:26:31 GMT
Server:Apache-Coyote/1.1

Any suggestions, people? Thanks in advance for your time.

Kkris

1 Answer

0

Writing only response.setHeader("Cache-Control","no-store"); worked for me.

Tried running my Java application on Chrome and Edge, and the back button showed no signs of caching with the above line of code.

I used HTTP 1.2 in my application.