Preventing ViewExpiredException when clicking browser back button after session invalidation


Problem description

I am trying to figure out how to prevent Session Fixation on a JSF login form in Glassfish 3.1. It was easy to do with Servlets, so I am trying to do the same with JSF (based on this question: Retrieving session ID value from a JSF request):

FacesContext fCtx = FacesContext.getCurrentInstance();
HttpSession session = (HttpSession) fCtx.getExternalContext().getSession(false);
session.invalidate();   
fCtx.getExternalContext().getSession(true); 

It seems to work, but when I click the browser's back button and re-enter login details I get:


javax.faces.application.ViewExpiredException: viewId:/index.xhtml - View /index.xhtml could not be restored.

It works again only after "refresh" and resend.

What could be the reason?

Recommended answer

You need to instruct the browser to not cache the JSF pages. Create a Filter which is mapped as @WebFilter(servletNames={"facesServlet"}) and does the following job in the doFilter() method:

HttpServletResponse response = (HttpServletResponse) res;
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.
chain.doFilter(req, res);

This will force the browser to fire a brand new GET request on back button press. It would otherwise only return the page from the cache and the form submit will then fail because the server side view state has been lost with the session invalidation.
