Reputation: 9191
I used the logout algorithm below in my JSF application, and it's working: the user is able to log out and the session is terminated.
However, my problem is that even though the user is redirected to the login page, when he/she presses the browser back button, he/she is still able to see the previous data.
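
    import java.util.logging.Logger;
    import javax.faces.bean.ManagedBean;
    import javax.faces.bean.RequestScoped;
    import javax.faces.context.FacesContext;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;

    @ManagedBean
    @RequestScoped
    public class LogoutBean {
        // The logger declaration was not shown in the post; java.util.logging is assumed here.
        private static final Logger log = Logger.getLogger(LogoutBean.class.getName());

        public String logout() {
            String result = "/faces/pages/public/login.xhtml?faces-redirect=true";
            FacesContext context = FacesContext.getCurrentInstance();
            HttpServletRequest request = (HttpServletRequest) context.getExternalContext().getRequest();
            try {
                request.logout(); // container-managed logout of the current user
            } catch (ServletException e) {
                log.info("Error during logout!");
            }
            return result;
        }
    }
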
Is there a way to configure this so that the browser will display "page has expired", using the logic above?
Upvotes: 1
Views: 2701
Reputation: 18443
You should disable the browser cache for pages that you don't want the back button to show again. To do this, you can create a servlet filter that sets the required parameters in the response header for those pages:
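
    import java.io.IOException;
    import javax.faces.application.ResourceHandler;
    import javax.servlet.Filter;
    import javax.servlet.FilterChain;
    import javax.servlet.FilterConfig;
    import javax.servlet.ServletException;
    import javax.servlet.ServletRequest;
    import javax.servlet.ServletResponse;
    import javax.servlet.annotation.WebFilter;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    @WebFilter(servletNames={"Faces Servlet"})
    public class NoCacheFilter implements Filter {
        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;
            if (!req.getRequestURI().startsWith(req.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER)) { // Skip JSF resources (CSS/JS/Images/etc)
                res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
                res.setHeader("Pragma", "no-cache"); // HTTP 1.0.
                res.setDateHeader("Expires", 0); // Proxies.
            }
            chain.doFilter(request, response);
        }

        @Override
        public void init(FilterConfig filterConfig) throws ServletException {
        }

        @Override
        public void destroy() {
        }
    }
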
This way, when the user pushes the browser's back button, the page will be requested again from the server.
Upvotes: 5
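
One way to check that protected pages actually carry the three headers the filter above sets, added here as an example and not code from either post. The class name `CacheHeaderAudit` and the sample header sets are constructed for illustration; it uses only the JDK (Java 9+).

```java
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.*;

public class CacheHeaderAudit {

    // Lower-cased Cache-Control directive names; commas inside quoted arguments do not split.
    static Set<String> directives(String value) {
        Set<String> names = new HashSet<>();
        if (value == null) return names;
        for (String part : value.split(",(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)")) {
            String name = part.split("=", 2)[0].trim().toLowerCase(Locale.ROOT);
            if (!name.isEmpty()) names.add(name);
        }
        return names;
    }

    // False when Expires is absent; an unparseable value such as "0" counts as already expired.
    static boolean expired(String expires) {
        if (expires == null) return false;
        try {
            return !ZonedDateTime.parse(expires.trim(), DateTimeFormatter.RFC_1123_DATE_TIME)
                    .isAfter(ZonedDateTime.now());
        } catch (DateTimeParseException e) {
            return true;
        }
    }

    // Lists what is missing compared with the headers the filter sets; an empty list means nothing is.
    static List<String> audit(Map<String, String> headers) {
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); // header names ignore case
        h.putAll(headers);
        List<String> findings = new ArrayList<>();
        Set<String> cc = directives(h.get("Cache-Control"));
        for (String d : List.of("no-cache", "no-store", "must-revalidate"))
            if (!cc.contains(d)) findings.add("Cache-Control lacks " + d);
        if (!"no-cache".equalsIgnoreCase(h.getOrDefault("Pragma", "").trim())) findings.add("Pragma is not no-cache");
        if (!expired(h.get("Expires"))) findings.add("Expires is absent or in the future");
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample responses, not captured from a real application.
        Map<String, Map<String, String>> samples = new LinkedHashMap<>();
        samples.put("page behind NoCacheFilter", Map.of("Cache-Control", "no-cache, no-store, must-revalidate",
                "Pragma", "no-cache", "Expires", "Thu, 01 Jan 1970 00:00:00 GMT"));
        samples.put("page without the filter", Map.of("cache-control", "private, max-age=600"));
        samples.put("no-cache only", Map.of("Cache-Control", "No-Cache", "Expires", "0"));
        samples.forEach((name, hdrs) -> System.out.println(name + " -> " + audit(hdrs)));
    }
}
```

Feeding `audit` the headers of each authenticated page (for example from an integration test) catches pages that bypass the filter mapping and stay cacheable after logout.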