Sometimes users see others' secure data over SSL on JSP, Struts and GlassFish
I am working in a very secure banking environment, where data privacy is the highest concern. I am facing a very critical issue. Every few days we get a complaint from our customers that when they logged in they saw the statement of another person. This problem is only temporary, and it shows them their correct statement once they refresh the page. I have tried many things to resolve this problem, and have also recreated the application from scratch, but I'm still unable to resolve the issue.
- I have also disabled any cache through:
response.setHeader("Cache-Control", "no-cache,must-revalidate"); //HTTP 1.1
response.setHeader("Pragma", "no-cache"); //HTTP 1.0
response.setDateHeader("Expires", -1); //prevents caching at the proxy server
Is anyone else facing the same issue, or has anyone ever faced this issue? If so, then what is the solution? In my latest research I found that I am not exclusively flushing out the buffer by out.flush(). Can this be an issue? I always assume JSP has auto flush, because of which I never used out.flush() exclusively.
Also, to add: when the users see the junk statements of another user and do a view source in the browser, the content of the HTML and what is being displayed are totally different.
This matter is urgent and any of your ideas would be helpful for me.
- JSP 2.1
- Struts 2.1.8
- GlassFish v3
- Using HTTPS
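
An added example, not part of the original post: a small Python check of what the Cache-Control value shown in the post tells caches under RFC 9111, next to a stricter value. The finding codes, the `STRICTER` header set and the rendered `Expires` date are assumptions made for the illustration.

```python
# Added example: what do a response's Cache-Control directives forbid? (RFC 9111)
# Finding codes and sample header sets are constructed for this illustration.

FINDINGS = {
    "storable": "no 'no-store': caches are not forbidden from keeping a copy",
    "shared-storable": "neither 'private' nor 'no-store': a shared cache "
                       "(proxy, load balancer) is not forbidden from keeping a copy",
    "reusable": "neither 'no-cache' nor 'no-store': a stored copy is not "
                "forced through revalidation before reuse",
}

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit(headers):
    """Return finding codes for a response that carries per-user data."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    found = []
    if "no-store" not in cc:
        found.append("storable")
        if "private" not in cc:
            found.append("shared-storable")
        if "no-cache" not in cc:
            found.append("reusable")
    return found

# Headers as set in the post; the Expires date is how -1 ms renders (constructed).
AS_POSTED = {
    "Cache-Control": "no-cache,must-revalidate",
    "Pragma": "no-cache",
    "Expires": "Wed, 31 Dec 1969 23:59:59 GMT",
}
# Assumed stricter variant for comparison; not from the post.
STRICTER = {"Cache-Control": "no-store, private", "Pragma": "no-cache"}

if __name__ == "__main__":
    for label, hdrs in (("as posted", AS_POSTED), ("stricter", STRICTER)):
        print(label)
        for code in audit(hdrs) or ["(nothing flagged)"]:
            print("  -", FINDINGS.get(code, code))
```

`no-cache` requires revalidation before a stored response is reused but does not forbid storing it; `no-store` and `private` are the directives that forbid storage, by any cache and by shared caches respectively.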