Redirect to login page when user clicks on back button after logout in JSF

Question

When the user clicks on the logout page it takes him to the login.xhtml.Now when the user clicks the back button it is taking him to the page before logout and I am trying to avoid this by using the doFilter which has been mentioned in many posts and my code is:

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); 
    response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
    response.setDateHeader("Expires", 0); // Proxies.
    chain.doFilter(req, res);

But it did not work.I also read in one post that if the URL has http then it does not work? Could you suggest how I can avoid this behavior and make the user go to the login page when he clicks on the back button after logout.

Did you clear the browser cache before testing the new filter? Does that URL pattern cover those restricted pages? — BalusC, Sep 26 '13 at 12:06
Yeah i cleared the browser cache.when i first run my appication it goes to http://localhost:8080/appname which has my login page and user is redirected to http://localhost:8080/appname/faces/views/dashboard.xhtml.Now when he clicks on logout he goes back to http://localhost:8080/appname/faces/login.xhtml.Now when the user clicks the back button it takes him back to http://localhost:8080/appname/faces/dashboard.xhtml...data is not shown here but the navigation bar,header and footer of the page is shown.What i want is when he click the back button it should not go there but go to login.xhtml. — Valla, Sep 26 '13 at 13:26

score 1 · Answer 1 · answered Sep 26 '13 at 17:20

I do not know what is the reason of your problem but note that in your web filter you should Skip JSF resources any way the follwing filter is working for me in all .xhtml pages try it

import java.io.IOException;
import javax.faces.application.ResourceHandler;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet Filter implementation class NoCacheFilter
 */
  @WebFilter(urlPatterns = {"*.xhtml"})
  public class NoCacheFilter implements Filter {

/**
 * Default constructor. 
 */
public NoCacheFilter() {
    // TODO Auto-generated constructor stub
}

/**
 * @see Filter#destroy()
 */
public void destroy() {
    // TODO Auto-generated method stub
}

/**
 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
 */

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    HttpServletRequest req = (HttpServletRequest) request;
    HttpServletResponse res = (HttpServletResponse) response;

    if (!req.getRequestURI().startsWith(req.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER)) { // Skip JSF resources (CSS/JS/Images/etc)
        res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
        res.setHeader("Pragma", "no-cache"); // HTTP 1.0.
        res.setDateHeader("Expires", 0); // Proxies.
    }

    chain.doFilter(request, response);
}
/**
 * @see Filter#init(FilterConfig)
 */
public void init(FilterConfig fConfig) throws ServletException {
    // TODO Auto-generated method stub
}

}

I tried using the code that you have mentioned above and it still dint work. Is there anything that I am missing out. — Valla, Sep 26 '13 at 20:44
Also to add My dashboard has some dat which is shown after login.When we logout andcthen click back button the data is not shown only the header,footer and the navigation bar are shown. — Valla, Sep 26 '13 at 21:23

Redirect to login page when user clicks on back button after logout in JSF

1 Answers1

Linked