Home/ Questions/Q 7668839
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-31T15:27:31+00:00

I am handling session expiration in JSF 2.0 using filter . Here is the

  • 0

I am handling session expiration in JSF 2.0 using filter . Here is the code

  @Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {

    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;

    HttpSession session = httpServletRequest.getSession(false);

    if (session == null) {

        //session timeout check.
        if (httpServletRequest.getRequestedSessionId() != null && !httpServletRequest.isRequestedSessionIdValid()) {

            System.out.println("Session has expired");
            session = httpServletRequest.getSession(true);
            session.setAttribute("logedin", "0");    // public user               
            httpServletResponse.sendRedirect(timeoutPage);

        } else {

            session = httpServletRequest.getSession(true);
            session.setAttribute("logedin", "0");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    } 
} //end of doFilter()

But the problem is, when session expires and if user click on the back button, then he gets the page with all styling out. Is there is anyway that when session expires, and if user click the browser back button, then he directs to the timeoutPage.

One thing more, that i am also using Prime Faces component on my page, like datatable. I am using pagination. If session time out, and i click on pagination then the session expiration message do not appear. It seems that ajax request don’t call filter? How can i connect my ajax events, or you can say datatable pagination events to session expiration?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    when session expires and if user click on the back button, then he gets the page with all styling out

    You need to tell the browser to not cache the pages in browser cache. The browser shoud instead be sending a full request to the server.

    Add the following lines right before filterChain.doFilter() call.

    if (!httpServletRequest.getRequestURI().startsWith(httpServletRequest.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER)) { // Skip JSF resources (CSS/JS/Images/etc)
    httpServletResponse.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
    httpServletResponse.setHeader("Pragma", "no-cache"); // HTTP 1.0.
    httpServletResponse.setDateHeader("Expires", 0); // Proxies.
}

    If session time out, and i click on pagination then the session expiration message do not appear. It seems that ajax request don’t call filter?

    JSF ajax requests expect XML responses with HTTP status 200. If you send a synchronous redirect, then a HTTP status 302 response will be sent which will be completely ignored by JSF ajax engine. You should instead be sending a normal HTTP 200 response with a specific piece of XML which tells the JSF ajax engine to perform a redirect. Do this instead of httpServletResponse.sendRedirect() then:

    if ("partial/ajax".equals(httpServletRequest.getHeader("Faces-Request"))) {
    httpServletResponse.setContentType("text/xml");
    httpServletResponse.getWriter()
        .append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>")
        .printf("<partial-response><redirect url=\"%s\"></redirect></partial-response>", timeoutPage);
}
else {
    httpServletResponse.sendRedirect(timeoutPage);
}

    Note that when you’re already inside JSF context (e.g. by PhaseListener or SystemEventListener or maybe a @ManagedBean), then you could just use ExternalContext#redirect() method. It will transparently handle synchronous/asynchronous requests accordingly.

    • 0