0

Brief: How can i redirect to the login page when commandButton is pressed and the user is not logged in anymore?

In detail: I am trying to solve the following scenario in my primefaces application:

  1. I successfully log in in my web application
  2. I open a new tab while logged in.
  3. Now i log out from the second tab that i opened on step 2. In this tab i get redirected to the login page
  4. Press a commandButton from the 1st tab that still looks like if the user logged in but not many things happen .

When trying to access a page through a link while logged out, then yes i am redirected to the login page. The same does not happen though with the commandButton component.

I am using a filter already and tried to catch that case, meaning to confirm if on button press the session is null to redirect me to login page. As seen here: https://stackoverflow.com/a/1027592/1918516

The problem is that even though i logged out from the 2nd tab, and press a button from the 1st tab, my session is never null.

Update: After logging out and invalidate the session with invalidateSession() i see that my session is null. But when press on a button from the first tab, the session is NOT null. Could this be that the browsers cache is somehow maintaining an invalid session ?

Also i want to note here that i am retrieving the session with request.getSession(false)

Stephan
  • 696
  • 15
  • 37
  • Did you check this https://stackoverflow.com/questions/1026846/how-to-redirect-to-login-page-when-session-is-expired-in-java-web-application ? – stakahop Jul 20 '17 at 11:20
  • 1
    That is exactly the same link i provided in my question – Stephan Jul 20 '17 at 11:43
  • Did you try session time out ?!? in your web.inf – Yagami Light Jul 20 '17 at 12:28
  • But i do not think that this has to do with a session timeout . This has to do with handling an invalid (?) session at that point. – Stephan Jul 25 '17 at 05:45
  • Maybe a new session is created? – Kukeltje Jul 25 '17 at 12:58
  • A new session is created. I just checked the session id of session while the user was logged in, and the session id from the session i retrieve after the user has logged out and i press something on the first browser tab. I am not creating though a new session somewhere. So i am trying to find out what am i doing wrong or what i have to do to make my session return null . – Stephan Jul 25 '17 at 13:15
  • JSF has the servlet container (re)create a session for you if one does not exists but a bean is called that has a session scope. So most likely your (home grown?) security framework lacks some functionality. – Kukeltje Jul 25 '17 at 13:35
  • It looks that JBoss recreates a new session. I need to find a workaround for that. – Stephan Jul 26 '17 at 05:57

0 Answers0