Prevent IE caching

Asked 17/5, 2010 at 12:21 Answered 21/10, 2013 at 8:29

Solved java internet-explorer jsp struts browser-cache

I am developing a Java EE web application using Struts. The problem is with Internet Explorer caching. If an user logs out he can access some pages because they are cached and no request is made. If I hit refresh it works fine. Also if an user goes to login page again it won't redirect him because that page is also cached.

Two solutions come to my mind:

Writing an Interceptor (servlet filter like) to add to response header no-cache etc.
Or or put <meta> tags at each page.

Which one should I do?

Riemann answered 17/5, 2010 at 12:21 Comment(4)

Which version of Struts are you using? – Haskins 17/5, 2010 at 12:53

I have found that adding the no-cache headers does not always work on IE. – Thomsen 23/10, 2010 at 18:16

Apparently you forgot the Expires header. See also the answers in this question. – Reagent 23/10, 2010 at 19:25

@Thomsen so what is the solution for this? – Spinode 4/1, 2013 at 11:22

Rather set the following headers on the HttpServletResponse of the page(s) in question so that you don't need to copypaste it over all pages manually:

response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.

This is equivalent to setting the following meta headers in the page(s) manually:

<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">

Also see this answer. Don't forget to clear browser cache before testing ;)

Reagent answered 17/5, 2010 at 12:49 Comment(0)

I've found the following to work well:

response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0, post-check=0, private");
response.setHeader("Pragma", "no-cache");
response.setDateHeader("Expires", 0);

From the tags on this question it looks like you are using Struts. Struts 1.x allows you to do this through configuration in struts-config.xml by setting nocache="true" on the controller element:

<controller processorClass="org.apache.struts.tiles.TilesRequestProcessor" nocache="true" />

Mark Nottingham's caching tutorial is the best resource I've seen on the web about HTTP and caching if you are looking to understand more.

That being said, depending on the problem you are seeing it might be a browser history issue. See here for more information about that.

Haskins answered 17/5, 2010 at 13:3 Comment(3)

BTW: only the first three Cache-Control properties as shown in your example is sufficient, they (and the Expires header) already "implicitly" sets the subsequent properties to the desired values. – Reagent 17/5, 2010 at 13:13

We arrived at those values while researching a problem where users with Opera were able to view secure pages in their browser history after logging off and destroying their session. That value was used as a fix. I'm trying to find the original link that explained how those settings were arrived at but I haven't been able to so far. Perhaps it is overkill though given that I only learned about the differences between browser cache and browser history after that research. – Haskins 17/5, 2010 at 13:27

There was indeed a related Opera 8.x bug which was fixed halfway the previous decade. Also caching of a redirect wasn't done properly in this browser. But practically nobody uses Opera 8 nowadays. – Reagent 17/5, 2010 at 13:53

Looks like IE < 9 will still cache even if you have pragma: no-cache in the head and set browser to refresh on each page load. You need to add the meta tags again in a second head section before close of the html. This is right from MS itself.

http://support.microsoft.com/kb/222064/

little better explanation here

http://www.htmlgoodies.com/beyond/reference/article.php/3472881/So-You-Dont-Want-To-Cache-Huh.htm

From testing you also need the Expires: -1 meta tag to make it work. It is recommended to use Expires: -1 and not 0.

Zecchino answered 30/1, 2012 at 17:52 Comment(0)

Add tag type="button" into actual action button.

The default value of the type attribute depends on the current document compatibility mode. The default value is submit. In other compatibility modes the default value is button. When the BUTTON element is submitted in a form, the value depends on the current document compatibility mode. Windows Internet Explorer 8 and later. The default value of the type attribute depends on the current document compatibility mode. In IE8 Standards mode, the default value is submit. In other compatibility modes and earlier versions of Windows Internet Explorer, the default value is button. Internet Explorer 8 and later. When the BUTTON element is submitted in a form, the value depends on the current document compatibility mode. In IE8 mode, the value attribute is submitted. In other document modes and earlier versions of Internet Explorer, the innerText value is submitted.

http://msdn.microsoft.com/en-us/library/ie/ms535211(v=vs.85).aspx

Humidify answered 21/10, 2013 at 8:29 Comment(0)

-1

Modify the headers with no-cache etc. It is the usual way.

Foredate answered 17/5, 2010 at 12:24 Comment(1)

So writing an interceptor is better...Could you tell me which headers to add? Because i see several headers that should be put – Riemann 17/5, 2010 at 12:25

Recommended topics

Hot tags