RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
t: Re: Application not logging out properly >> Then they're going to be available in the browser cache until the >> browser chooses to discard them. You can't have it both ways. > >The OP could set expires headers that are relatively short-lived. That >way, the client

Re: Application not logging out properly

2011-10-12 Thread chris derham
>> Then they're going to be available in the browser cache until the >> browser chooses to discard them. You can't have it both ways. > >The OP could set expires headers that are relatively short-lived. That >way, the client /should/ request a fresh page after, say, 30 minutes >or whatever the ses

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
Not HTTPS but it worth me checking as you advise. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: 12 Oct 2011 23 16 To: Tomcat Users List Subject: RE: Application not logging out properly > From: Martin O'Shea [mailto:app...@dsl.p

RE: Application not logging out properly

2011-10-12 Thread Caldarale, Charles R
> From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: RE: Application not logging out properly > But I can see these pages visited in the session just invalidated > by using the browser's back button after logging out. The session state is completely irreleva

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
r /* REQUEST FORWARD INCLUDE ERROR So be it. I can always edit the to exclude certain pages anyway. Thanks. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: 12 Oct 2011 23 05 To: Tomcat Users List Subject: RE:

RE: Application not logging out properly

2011-10-12 Thread Caldarale, Charles R
> From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: RE: Application not logging out properly > But it doesn't explain why I can see the pages after session invalidation. It certainly does. If the browser (or some other intermediary) is caching the pages, they wi

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
pages just visited. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 12 Oct 2011 23 01 To: Tomcat Users List Subject: Re: Application not logging out properly -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, On 10/12/2011 5:58 PM, Martin O&

Re: Application not logging out properly

2011-10-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, On 10/12/2011 6:01 PM, Martin O'Shea wrote: > I'm not disagreeing and have set a filter to this end. But it > doesn't explain why I can see the pages after session > invalidation. Your web browser has an on-disk cache. It's reading the files

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
cation not logging out properly -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 10/12/2011 5:30 PM, Caldarale, Charles R wrote: >> From: Martin O'Shea [mailto:app...@dsl.pipex.com] Subject: RE: >> Application not logging out properly > >> I would rather avoi

Re: Application not logging out properly

2011-10-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, On 10/12/2011 5:58 PM, Martin O'Shea wrote: > This is true of the current application, but also true of the other > Tomcat applications I have. > > But the others don't seem to have this problem. Which others? > I know the sessions are inva

Re: Application not logging out properly

2011-10-12 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 10/12/2011 5:30 PM, Caldarale, Charles R wrote: >> From: Martin O'Shea [mailto:app...@dsl.pipex.com] Subject: RE: >> Application not logging out properly > >> I would rather avoid forcing the browser to r

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
t: RE: Application not logging out properly > From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: RE: Application not logging out properly > I would rather avoid forcing the browser to reload each page via the > appropriate headers. Then they're going to be available in

RE: Application not logging out properly

2011-10-12 Thread Caldarale, Charles R
> From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: RE: Application not logging out properly > I would rather avoid forcing the browser to reload each > page via the appropriate headers. Then they're going to be available in the browser cache until the brows

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
I would rather avoid forcing the browser to reload each page via the appropriate headers. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: 12 Oct 2011 22 18 To: Tomcat Users List Subject: RE: Application not logging out properly > From: Mar

RE: Application not logging out properly

2011-10-12 Thread Martin O'Shea
List Subject: Re: Application not logging out properly Martin O'Shea wrote: > Hello > > > > I'm using Apache Tomcat 6.0.26 for an application where the majority > of the content is hidden behind a page requiring authenticated login. > This appears to work fine

Re: Application not logging out properly

2011-10-12 Thread André Warnier
Martin O'Shea wrote: Hello I'm using Apache Tomcat 6.0.26 for an application where the majority of the content is hidden behind a page requiring authenticated login. This appears to work fine but upon logout, I find I am able to browse back through some of the pages visited in the session.

RE: Application not logging out properly

2011-10-12 Thread Caldarale, Charles R
> From: Martin O'Shea [mailto:app...@dsl.pipex.com] > Subject: Application not logging out properly > upon logout, I find I am able to browse back through some > of the pages visited in the session. Are you sure it's not the browser simply displaying previously cached pages? If so, then have