HttpSession mixed using ISA Server 2006 as proxy
I need your help for this serious problem. I have a java web application using spring-mvc and spring-security deployed in tomcat 6 that works great in normal situations.
I get a client that use ISA Server 2006 as a proxy server and the people that use my app through that proxy experiment some problems with their HttpSessions.
1. Employee A is logged in the application.
2. Employee B is logged in the application.
3. Employee A clicks a button that list his activities and my app show the activities of Employee A.
4. Employee B clicks a button that list his activities and my app show the activities of Employee A too (that is wrong).
I think It is like the ISA Server was mixing the employee sessions logged in the system, because the session is a cookie (file) and the proxy is caching it exchanging the employee information.
The username showing in my app change too, but when i refresh the page with F5 in the browser or use https the problem is solved.
I test putting html/jsp directives for proxy-nocache but it neither works.
Can anyone knows the reason for that?