I am working on AngularJS project with a form based authentication and have sometimes unexpected behaviour which I couldn't track.
The application running on Websphere 8.0.0.10, session management is done by cookies.
The required workflow is following:
app is being redirected to login.html by Websphere, there's web.xml security constraint:
<security-constraint>
<display-name>userConstraint</display-name>
<web-resource-collection>
<web-resource-name>userResource</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<description>user</description>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Allowed resources</web-resource-name>
<url-pattern>/js/*</url-pattern>
<url-pattern>/css/*</url-pattern>
<url-pattern>/myStyle/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/login.html</form-login-page>
<form-error-page>/login.html?retry=true</form-error-page>
</form-login-config>
</login-config>
<security-role>
<role-name>user</role-name>
</security-role>
This is desired behaviour but sometimes it behaves differently. After I have entered the application
and then closed a browser, and reopened it again it goes to '/page'
as defined by $routerProvider
,
you can see this code below:
$routeProvider.when('/pages', {
templateUrl: 'pages.html',
controller: 'pagesCtrl'
});
$routeProvider.when('/page', {
templateUrl: 'page.html',
controller: 'pageCtrl'
})
.otherwise({redirectTo: '/page'});
It goes to '/page'
but application doesn't work, throws various exception that it can't initiate this or that module
even if I've deleted cookies manually or even If I open application in a Chrome
incognito window when session should be expired and Websphere should redirect it to login.html.
Only if I refresh it once again it goes to login.html
If I understand correctly it's partially cached by browser and some modules of the application loaded from the cache, even more, when I load application with developer console opened and disabling cache it works flawlessly but when console is closed it doesn't work.
I've tried to disable the cache by adding the following code to my index.html
but it didn't help:
<meta http-equiv="cache-control" content="max-age=0" />
<meta http-equiv="cache-control" content="no-cache" />
<meta http-equiv="expires" content="0" />
<meta http-equiv="expires" content="Tue, 01 Jan 1980 1:00:00 GMT" />
<meta http-equiv="pragma" content="no-cache" />
Thank you in advance.
problem solved. I used @WebFilter with the following lines:
HttpServletResponse response = (HttpServletResponse) res;
response.addHeader("Pragma", "no-cache");
response.addHeader("Cache-Control", "no-cache");
response.addHeader("Cache-Control", "no-store");
response.addHeader("Cache-Control", "must-revalidate");
response.addHeader("Expires", "Tue, 01 Jan 1980 1:00:00 GMT");