9

To handle viewExpiredException in JSF, I coded

<error-page>
    <exception-type>javax.faces.application.ViewExpiredException</exception-type>
    <location>/error.html</location>
</error-page>

<session-config>
    <session-timeout>1</session-timeout>
</session-config>

in web.xml.

In error.html I have redirected to original login page. But the problem is session scoped bean were not cleared out even session expired. Is there any way to solve this?

BalusC
  • 992,635
  • 352
  • 3,478
  • 3,452
user234194
  • 1,623
  • 9
  • 35
  • 54

1 Answers1

7

The login page is likely been requested from the browser cache. Disable it by creating a Filter which is tied to the FacesServlet and has basically the following lines in the doFilter() method, so that you don't need to repeat it over all pages which you'd like to prevent from being cached.

response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.
BalusC
  • 992,635
  • 352
  • 3,478
  • 3,452
  • If I use Facelets and have a fixed layout, is there any difference setting it in the header or in a filter? – RinaldoDev Oct 02 '12 at 19:04
  • @Rin: No, there's absolutely no difference. You only need to keep in mind that the HTTP response headers have always precedence over the ones set in meta. So if the server has set some defaults in the HTTP response header, then they will override the ones which you set in meta. See also http://stackoverflow.com/questions/49547/making-sure-a-web-page-is-not-cached-across-all-browsers/2068407#2068407 and http://stackoverflow.com/questions/10305718/avoid-back-button-on-jsfprimefaces-application/10305799#10305799 – BalusC Oct 02 '12 at 19:05
  • Sorry, forgot to thank you. :) It was very enlightening; – RinaldoDev Oct 04 '12 at 12:07