Often we come across situations where we need to set cache control headers in http response. The one scenario which is very common is, pressing back button after logging out of application. It takes us to previous page, the page which should have been shown to logged in users. It’s actually a cached copy of page. If you see firebug or chrome tools, pressing back button after logging out does not create a new request. Ideally user should be redirected to login page. How to avoid previous page from being shown after logout?
We can add cache parameters in jsp files. Those are :
This works, but not all browsers support this.
We can use the
org.springframework.web.servlet.mvc.WebContentInterceptor. This interceptor extends the
WebContentGenerator class, so it has the setter methods to enable the header parameters.
This will not cache anything and everytime will request for resources. Now, if user presses back button after logout, new request will be generated and user not being logged in, will be redirected to login page again.