This question already has an answer here:
- Avoid back button on JSF web application 2 answers
To handle viewExpiredException in JSF, I coded
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/error.html</location>
</error-page>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
in web.xml
.
In error.html
I have redirected to original login page. But the problem is session scoped bean were not cleared out even session expired. Is there any way to solve this?
The login page is likely been requested from the browser cache. Disable it by creating a
Filter
which is tied to theFacesServlet
and has basically the following lines in thedoFilter()
method, so that you don't need to repeat it over all pages which you'd like to prevent from being cached.