We are facing problem with page caching in our web application though “Meta HTTP-EQUIV” details are set in HTML Header section. Details as below:
Once we logout from our web application, we provided a popup message to choose whether to close the IE window.
The user can click on “No” button in above popup preferring not to close the IE window. Now, if the user after logout and being in IE clicks IE button twice or thrice and click button, can easily pass the previosly login screen without another login !! Meaning the user can go into previous login session without another login.
We have provided the following lines in “HTML Header Content” section of login form. But, still no use.
As per advise, I have created a hidden “computed for display” field on top of the login form.
However, still the issue is not resolved. Meaning, when I click back btn twice or thrice after logout, i see “Warning: Page has expired” page and when I refresh this page, I am going into last login session without new login.
Am i missing any other settings ? Please advise.
Fyi, I am still retaining my earlier “Meta…” code in “HTML Header Content” as it is. Do I need to remove it ?
more details about my issue: When clicked on IE btn, the “LoginUser” agent is called which displays the “Disclaimer” form. Once the “Agree” link is clicked being in disclaimer, it takes the user to last login session without challenging for new login.
Since the LoginUser agent code is hidden, I could not analyse further.
Appreciate if anybody got suggestion or solution for this issue.
Is there any possibility of clearing or deleting the cache when “Logout” button is clicked ?
NOTE: @SetHTTPHeader function is already used in login, disclaimer forms using “Computed for Display” hidden field.
We still know little about the authentication procedure you use and especially this spooky LoginUser agent, but the problem is not, that your login form is cached.
If you use any form of form based authentication in Domino, it’s always based on a cookie. Once you log out, this cookie is cleared and there no longer is a use session. The server will not serve any content that should only be visible in this session.
The problem (if you consider it to be a problem) is with the OTHER pages still residing in the browser cache. That means, the browser will not reload the page from the server again, but simply display its cached copy. Unless you want to prevent caching for each and every page (which will result in inferior performance), just change the logout message and advise users to always close the browser, if there is a chance, that anybody else will be using the same computer later on.