
I am working on a project using JSF2. I use Spring Security for authentication (access, login, and logout) and my view pages are XHTML. My problem is that after logout the user could go back to the previous page and do job. I use the AuthenticationBean class for login & logout. I also added the commands below to the header of my page, but nothing changed!

meta http-equiv="Cache-control" content="public"
meta http-equiv="Cache-control" content="private"
meta http-equiv="Cache-control" content="no-cache"    
meta http-equiv="Cache-control" content="no-store"

The bean:

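import java.io.IOException;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.RequestScoped;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

@ManagedBean(name = "authenticationBean")
@RequestScoped
public class AuthenticationBean {
    // Hands the submitted login form over to Spring Security's login processing URL.
    public String doLogin() throws ServletException, IOException {
        ExternalContext context = FacesContext
               .getCurrentInstance().getExternalContext();

        RequestDispatcher dispatcher = ((ServletRequest) context.getRequest())
               .getRequestDispatcher("/j_spring_security_check");

        dispatcher.forward(
            (ServletRequest) context.getRequest(),
            (ServletResponse) context.getResponse());

        // The response was written by the forward; stop the JSF lifecycle here.
        FacesContext.getCurrentInstance().responseComplete();
        return null;
    }

    // Invalidates the HTTP session and navigates to the login page.
    public String doLogout() {
        FacesContext.getCurrentInstance()
             .getExternalContext().invalidateSession();
        return "/login.xhtml";
    }
}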




<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Expires" content="0"/>


        <h:graphicImage library="images" name="spr-2.png" width="400" height="400"/>
        <h:form id="loginForm" prependId="false">
            <h:messages globalOnly="true"/>
            <p:messages autoUpdate="true"/>
            <h:panelGrid columns="3">
                <h:outputLabel for="j_username" value="User: * " />
                <p:inputText id="j_username" required="true" label="username" />
                <h:outputLabel for="j_password" value="Password: * " />
                <p:password id="j_password" label="password" required="true" />
            </h:panelGrid>

            <h:commandButton type="submit" id="login" value="Login" action="#{authenticationBean.doLogin()}" />
        </h:form>

    <f:facet name="first">
        <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    </f:facet>
</h:head>

<h:body>
            <h:form>
                <h:commandLink action="#{authenticationBean.doLogout}" style="font-size: 0.7em;color:blue;font-family:serif  ">logout</h:commandLink>
            </h:form>
            <h:form>
                <p:commandLink value="GO TO Functions" action="/pages/admin/indexAdmin?faces-redirect=true"/>
            </h:form>

            <h:graphicImage library="images" name="pic1.jpg" width="800" height="200"/>
</h:body>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">

user3104452
  • This link should answer your questions: [prevent-ie-caching](http://stackoverflow.com/a/2849128/1269441). Hope it helps... – L-Ray Dec 19 '13 at 10:46
  • I used the meta tag in the header of my page but nothing happened. But about using 'response.headers', I do not know how I could use them inside an XHTML page! – user3104452 Dec 19 '13 at 14:17
  • I'm a bit worried about your "do job" - is the user able to execute actions through a `commandLink`/`commandButton` or is he just able to display the page the browser already had in the cache? – mabi Dec 19 '13 at 14:54
  • Yes, the user could even use commandLink/commandButton. It seems strange. I think that even 'FacesContext.getCurrentInstance().getExternalContext().invalidateSession();' does not destroy the session! – user3104452 Dec 19 '13 at 14:57
  • Try additionally adding the following lines to all XHTML pages, or resolve this as an HTTP header through a proper Filter (see http://stackoverflow.com/questions/10305718/avoid-back-button-on-jsf-web-application) `` `` This header information has to be given with every page, so the pages are actually not stored in the cache but always retrieved freshly from the server side. About correctly closing a session in JSF, see http://stackoverflow.com/a/5620582/1269441. – L-Ray Dec 20 '13 at 20:57

0 Answers