Home/ Questions/Q 8812421
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T03:36:09+00:00

I used below logout algorithm in my JSF application and its working as user

  • 0

I used below logout algorithm in my JSF application and its working as user is able to logout
and session is terminated.

However, my problem is even if user is redirected to a login page but when he/she presses the browser back button,
he is still able to see the previous data.

@ManagedBean
@RequestScoped
public class LogoutBean {
  public String logout() {
    String result="/faces/pages/public/login.xhtml?faces-redirect=true";

    FacesContext context = FacesContext.getCurrentInstance();
    HttpServletRequest request = (HttpServletRequest)context.getExternalContext().getRequest();

    try {
      request.logout();
    } catch (ServletException e) {
        log.info("Error during logout!");
    }
    return result;
  }
}

Is there a way to configure this in such a way that browser will display page has expired using the logic above.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should disable the browser cache for pages that you don’t want the back button to show them again. To do this, you can create a servlet filter that sets required parameters in the response header for those pages:

    @WebFilter(servletNames={"Faces Servlet"})
public class NoCacheFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        if (!req.getRequestURI().startsWith(req.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER)) { // Skip JSF resources (CSS/JS/Images/etc)
            res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
            res.setHeader("Pragma", "no-cache"); // HTTP 1.0.
            res.setDateHeader("Expires", 0); // Proxies.
        }

        chain.doFilter(request, response);
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    @Override
    public void destroy() {
    }
}

    This way, when the users pushes the browser’s back button, the page will be requested again from the server.

    • 0