我在我的JSF应用程序中使用了以下注销算法,因为用户能够注销并终止会话.
但是,我的问题是,即使用户被重定向到登录页面,但当他/她按下浏览器后退按钮时,他仍然能够看到以前的数据.
@ManagedBean
@RequestScoped
public class LogoutBean {
public String logout() {
String result="/faces/pages/public/login.xhtml?faces-redirect=true";
FacesContext context = FacesContext.getCurrentInstance();
HttpServletRequest request = (HttpServletRequest)context.getExternalContext().getRequest();
try {
request.logout();
} catch (ServletException e) {
log.info("Error during logout!");
}
return result;
}
}
有没有办法以浏览器使用上面的逻辑显示页面已过期的方式配置它.
您应该为不希望后退按钮再次显示它们的页面禁用浏览器缓存.为此,您可以创建一个servlet过滤器,在这些页面的响应头中设置所需的参数:
@WebFilter(servletNames={"Faces Servlet"})
public class NoCacheFilter implements Filter {
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
if (!req.getRequestURI().startsWith(req.getContextPath() + ResourceHandler.RESOURCE_IDENTIFIER)) { // Skip JSF resources (CSS/JS/Images/etc)
res.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
res.setHeader("Pragma", "no-cache"); // HTTP 1.0.
res.setDateHeader("Expires", 0); // Proxies.
}
chain.doFilter(request, response);
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void destroy() {
}
}
这样,当用户按下浏览器的后退按钮时,将再次从服务器请求该页面.
| 归档时间: |
|
| 查看次数: |
2251 次 |
| 最近记录: |