Clicking browser back button after JSF navigation causes "Document expired" in browser

Question

In my project after login page, main page contain menu on left hand site if I clicked on menu link 1 ==> you will navigate to page 1 then click menu link 2 ==> you will navigate to page 2 ,if you use back button then i get document expired.

I want to delete the browser cache after logged out for this i use phase listener.

code of phase listener

    @Override
        public void beforePhase(PhaseEvent event) {
            FacesContext facesContext = event.getFacesContext();
            HttpServletResponse response = (HttpServletResponse) facesContext
             .getExternalContext().getResponse();
        logger.log(Level.INFO,"Cache control phase listener called");
             response.addHeader("Pragma", "no-cache");
             response.addHeader("Cache-Control", "no-cache");
             response.addHeader("Cache-Control", "no-store");
             response.addHeader("Cache-Control", "must-revalidate"); 
             response.addHeader("Expires","Mon, 8 Aug 2006 10:00:00 GMT");
        }

I also use UserFilter for secured the pages in /user/* folder
here is UserFilter's doFilter code

@Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        logger.log(Level.INFO,"User Filter's doFilter called");
        UserManager userManager = (UserManager)((HttpServletRequest)request).getSession().getAttribute("userManager");
            if(userManager==null || !userManager.getIsLoggedIn() || !userManager.getCurrentRole().equals("user")){
                String contextPath = ((HttpServletRequest)request).getContextPath();
                ((HttpServletResponse)response).sendRedirect(contextPath+"/login.xhtml");
            }else{
                chain.doFilter(request, response);
            }
    }

I also want after login user can't go back again in login page until logout.

Answer 1

if you use back button then i get "document expired"

That will happen if the previous request was a synchronous POST request (a form submit). You're not supposed to use POST for page-to-page navigation. Use GET for it.

In other words, replace <h:commandLink/Button> representing pure page-to-page navigation links/buttons by <h:link/button>. And, when you need to navigate to a new page after a form submit, e.g. to display a list after submit of an entry, use POST-redirect-GET.

See also:

• When should I use h:outputLink instead of h:commandLink?
• How to navigate in JSF? How to make URL reflect current page (and not previous one)
• Is JSF 2.0 View Scope back-button safe?
• Avoid back button on JSF web application

---

Unrelated to the concrete problem: a PhaseListener is the wrong tool for the job of manipulating HTTP response headers. Use a normal Filter.