I'm not disagreeing and have set a filter to this end. But it doesn't explain why I can see the pages after session invalidation.
-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 12 Oct 2011 22 59
To: Tomcat Users List
Subject: Re: Application not logging out properly

Chuck,

On 10/12/2011 5:30 PM, Caldarale, Charles R wrote:
>> From: Martin O'Shea [mailto:app...@dsl.pipex.com] Subject: RE:
>> Application not logging out properly
>
>> I would rather avoid forcing the browser to reload each page via the
>> appropriate headers.
>
> Then they're going to be available in the browser cache until the
> browser chooses to discard them. You can't have it both ways.

The OP could set expires headers that are relatively short-lived. That way, the client /should/ request a fresh page after, say, 30 minutes or whatever the session timeout is set to.

But Martin, I agree with Chuck: you can't have it both ways.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
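
Added example, not part of the thread and not the poster's own filter: a servlet filter showing the two options discussed above, a short-lived expiry tied to the session timeout versus no browser caching at all. The class name `SessionBoundCacheFilter` and the `noStore` init-param are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: class name and init-param are assumptions, not from the thread.
public class SessionBoundCacheFilter implements Filter {
    private boolean noStore;

    @Override
    public void init(FilterConfig cfg) {
        // <init-param> noStore=true: never let the browser keep protected pages.
        noStore = Boolean.parseBoolean(cfg.getInitParameter("noStore"));
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        HttpSession session = request.getSession(false); // do not create a session here

        // Seconds of inactivity before the container expires the session; <= 0 means never.
        int ttl = (session == null) ? 0 : session.getMaxInactiveInterval();

        if (noStore || ttl <= 0) {
            // Strict option: every view goes back to the server, so a request made
            // after session.invalidate() reaches the server-side session check.
            response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate");
            response.setHeader("Pragma", "no-cache");
            response.setDateHeader("Expires", 0L);
        } else {
            // Short-lived option: the cached copy can still be shown for up to ttl
            // seconds after an explicit logout, because the browser never asks the server.
            response.setHeader("Cache-Control", "private, max-age=" + ttl);
            response.setDateHeader("Expires", System.currentTimeMillis() + ttl * 1000L);
        }
        // Headers are set before the chain runs so they land before the response commits.
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

Invalidating the session only changes server state; pages the browser already holds stay viewable until their freshness lifetime ends, which is why the short-lived branch still shows them after logout.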