I have three servlets that handle login, display some data and log out each.
In the login servlet in the doPost method I initialize my session with this code
HttpSession session = request.getSession(); session.setAttribute("UserObject", customer); response.sendRedirect("MainServlet");In the Main servlet I have this code in the doGet method:
User user= new Seller();HttpSession session = request.getSession(false);if (session != null && session.getAttribute("UserObject") != null) { System.out.println("Success on session"); user = (User) session.getAttribute("UserObject");}response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1response.setHeader("Pragma", "no-cache"); // HTTP 1.0response.setDateHeader("Expires", 0); // ProxiesThis code populates some data of the user object but also fills some tables from a DataBase.
And in the doPost method when I want to logout I have this code:
out.println("<form action=\"LogOut\" method=\"get\">\n" +" <input type=\"submit\" value= \"LogOut\">\n" +"</form>");Finally, the logout servlet in the doGet method has this code for invalidating the session:
HttpSession session = request.getSession(false);if (session != null) { session.invalidate();}response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1response.setHeader("Pragma", "no-cache"); // HTTP 1.0response.setDateHeader("Expires", 0); // Proxiesresponse.sendRedirect("index.html");Problem is that the invalidation happens successfully for the object's data but not for the data loaded with the database (cashed maybe?). Before invalidating there is a table with the user's name and surname, loaded by the object's attributes and a table with data loaded by a database. After logging out/invalidating and pressing the back button on the browser the data about the object are set to null correctly, but all the data filled by the database is still there. The caching does not seem to go away.
Even when trying from a fresh browser all the data is kept there. What's a solution?