JSF life after logout
I\'m using form based authentication.
I have a logout link which looks like:
-
You need to redirect after invalidate. Otherwise the page is been shown in midst of the "invalidated" session. Add
faces-redirect=trueto the outcome to trigger the redirect.public String logout() { FacesContext.getCurrentInstance().getExternalContext().invalidateSession(); return "/index?faces-redirect=true"; }The redirect will cause the webbrowser to fire a new GET request after the POST response and in turn cause the server to create a brand new session. This way the views will work as intended.
As to the CSS resources, they apparently still need a login. The "Unprotected area" constraint which you have there is not going to work. Remove it and change the URL-pattern of your main security constraint to for example
/app/*or whatever a common path of the secured area is.讨论(0)
加载中...
- 热议问题