I have a JSF 3.0 webapp that has a standard Log Out link on the top right corner of every web page. The link has href="logOut.jsf". This link calls a backend jsf bean that invalidates the session and forward the request to login.jsp. The forward code looks like below:
FacesContext.getCurrentInstance().getExternalContext().dispatch("login.jsp");
FacesContext.getCurrentInstance().getViewRoot().setRendered(false);
FacesContext.getCurrentInstance().responseComplete();
This webapp has a servlet filter where it logs all requests that are intercepted by the filter. Below is what the log looks like when I clicked the Log Out link. Please note that for this log, I clicked it when I was on the accountSelection.jsf page:
The 1st first entry is the accountSelection.jsf page, which is expected.
The 2nd entry is for the click of the Log Out link, logOut.jsf, which is also expected.
The 3rd is the accountSelection.jsf again, which is NOT expected.
Since the "logOut.jsf" does a forward to login.jsp, I am expecting the 3rd request to be login.jsp. But for some reasons it comes into the filter as accountSelection.jsf. This is causing issue because this filter has logic to check if session has expired and handle it accordingly. Since the logOut.jsf has invalidated the session and the request is not the login.jsp page, it causes the filter to execute the session expired condition.
02/28-14:54 SessionExpiredFilter-isContinueTheChain() - /MyAccount/accountSelection.jsf
02/28-14:55 SessionExpiredFilter-isContinueTheChain() - /MyAccount/logOut.jsf
02/28-14:55 SessionExpiredFilter-isContinueTheChain() - /MyAccount/accountSelection.jsf
02/28-14:55 SessionExpiredFilter-isContinueTheChain() - Session Time Out caught by SessionExpiredFilter (ViewID=)/accountSelection.jsf) - Redirecting user to errorpage_viewexpired.jsp.