To handle viewExpiredException in JSF, I coded
<error-page>
<exception-type>javax.faces.application.ViewExpiredException</exception-type>
<location>/error.html</location>
</error-page>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
in web.xml.
In error.html I have redirected to original login page. But the problem is session scoped bean were not cleared out even session expired. Is there any way to solve this?
The login page is likely been requested from the browser cache. Disable it by adding the following lines to the HTML <head> of the login page:
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
<meta http-equiv="Pragma" content="no-cache" />
<meta http-equiv="Expires" content="0" />
You can also create a Filter which is tied to the FacesServlet and has basically the following lines in the doFilter() method, so that you don't need to repeat it over all pages which you'd like to prevent from being cached.
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate"); // HTTP 1.1.
response.setHeader("Pragma", "no-cache"); // HTTP 1.0.
response.setDateHeader("Expires", 0); // Proxies.