Welcome to the Java Programming Forums

The professional, friendly Java community. 21,500 members and growing!

The Java Programming Forums are a community of Java programmers from all around the World. Our members have a wide range of skills and they all have one thing in common: A passion to learn and code Java. We invite beginner Java programmers right through to Java professionals to post here and share your knowledge. Become a part of the community, help others, expand your knowledge of Java and enjoy talking with like minded people. Registration is quick and best of all free. We look forward to meeting you.


Members have full access to the forums. Advertisements are removed for registered users.

Results 1 to 1 of 1

Thread: Sometimes users see other's secure data over ssl on jsp struts and glassfish

  1. #1
    Junior Member
    Join Date
    Dec 2010
    Thanked 0 Times in 0 Posts

    Default Sometimes users see other's secure data over ssl on jsp struts and glassfish


    I am working in a very secure banking environment, where data privacy is the highest concern. I am facing a very critical issue. After every few days we get a complain from our customers that when they logged in they saw statement of another person. This problem is only temporary and it shows them their correct statement once they refresh the page. I have tried many things to resolve this problem, and have also recreated the application from scratch but I'm still unable to resolve the issue.

    - I have also disabled any cache through:

    response.setHeader("Cache-Control", "no-cache,must-revalidate"); //HTTP 1.1
    response.setHeader("Pragma", "no-cache"); //HTTP 1.0
    response.setDateHeader("Expires", -1); //prevents caching at the proxy server


    Is anyone else facing the same issue or has ever faced this issue? if so then what is the solution? In my latest research I found that I am not exclusively flushing out the buffer by out.flush(). Can this be a issue? I always assume jsp has auto flush because of which I never used out.flush() exclusively.

    Also, to add that when the users see the junk statements of another user and do a view source on the browser then the content of the html and what is being displayed is totally different.

    This matter is urgent and any of your ideas would be helpful for me.

    - JSP 2.1
    - Struts 2.1.8
    - Glasshfish v3
    - Using HTTPS

    Amir Ali
    Last edited by amirali1982; December 30th, 2010 at 05:47 AM.

Similar Threads

  1. Replies: 2
    Last Post: December 30th, 2010, 01:28 PM
  2. How to Get users home directory
    By JavaPF in forum Java Programming Tutorials
    Replies: 0
    Last Post: September 2nd, 2010, 10:37 AM
  3. Replies: 0
    Last Post: April 15th, 2010, 05:13 AM
  4. Replies: 5
    Last Post: April 20th, 2009, 06:47 AM
  5. How to know number of user downloading an application?
    By jazz2k8 in forum Java Theory & Questions
    Replies: 2
    Last Post: July 3rd, 2008, 04:34 AM

Tags for this Thread