How to move user to timeout page when session expires, if user click on browser back button
I am handling session expiration in JSF 2.0 using filter . Here is the code
@Override
public void doFilter(ServletRequest request, ServletResponse response
-
when session expires and if user click on the back button, then he gets the page with all styling out
You need to tell the browser to not cache the pages in browser cache. The browser shoud instead be sending a full request to the server.
Add the following lines right before
filterChain.doFilter()call.if (!httpServletRequest.getRequestURI().startsWith(httpServletRequest.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER)) { // Skip JSF resources (CSS/JS/Images/etc) httpServletResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1. httpServletResponse.setHeader("Pragma", "no-cache"); // HTTP 1.0. httpServletResponse.setDateHeader("Expires", 0); // Proxies. }
If session time out, and i click on pagination then the session expiration message do not appear. It seems that ajax request don't call filter?
JSF ajax requests expect XML responses with HTTP status 200. If you send a synchronous redirect, then a HTTP status 302 response will be sent which will be completely ignored by JSF ajax engine. You should instead be sending a normal HTTP 200 response with a specific piece of XML which tells the JSF ajax engine to perform a redirect. Do this instead of
httpServletResponse.sendRedirect()then:if ("partial/ajax".equals(httpServletRequest.getHeader("Faces-Request"))) { httpServletResponse.setContentType("text/xml"); httpServletResponse.getWriter() .append("") .printf("Note that when you're already inside JSF context (e.g. by
PhaseListenerorSystemEventListeneror maybe a@ManagedBean), then you could just useExternalContext#redirect()method. It will transparently handle synchronous/asynchronous requests accordingly.讨论(0)
加载中...
- 热议问题