Browser's back button redirects to the previously viewed page after log out
Hello all,
I have created an application using seam gen. The problem is with log out functionality. After logging out, the user will be redirected to the log in page and if the back button in the browser is clicked then it takes the user back to the previously viewed page and all the pages can be viewed and edited.
There is no security to the application??
Please help in solving this.
This is my logout link:
<s:link id="menuLogoutId" view="/login.xhtml" action="#{identity.logout}" value="Logout" rendered="#{identity.loggedIn}" propagation="none"/>
Here is my pages.xml:
<?xml version="1.0" encoding="UTF-8"?>
<pages xmlns="http://jboss.com/products/seam/pages"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.2.xsd"
no-conversation-view-id="/home.xhtml"
login-view-id="/login.xhtml">
<page view-id="*">
<navigation>
<rule if-outcome="home">
<redirect view-id="/home.xhtml"/>
</rule>
</navigation>
</page>
<exception class="org.jboss.seam.framework.EntityNotFoundException">
<redirect view-id="/error.xhtml">
<message severity="warn">Record not found</message>
</redirect>
</exception>
<exception class="javax.persistence.EntityNotFoundException">
<redirect view-id="/error.xhtml">
<message severity="warn">Record not found</message>
</redirect>
</exception>
<exception class="javax.persistence.EntityExistsException">
<redirect view-id="/error.xhtml">
<message severity="warn">Duplicate record</message>
</redirect>
</exception>
<exception class="javax.persistence.OptimisticLockException">
<end-conversation/>
<redirect view-id="/error.xhtml">
<message severity="warn">Another user changed the same data, please try again</message>
</redirect>
</exception>
<exception class="org.jboss.seam.security.AuthorizationException">
<redirect view-id="/error.xhtml">
<message severity="error">You don't have permission to access this resource</message>
</redirect>
</exception>
<exception class="org.jboss.seam.security.NotLoggedInException">
<redirect view-id="/login.xhtml">
<message severity="warn">#{messages['org.jboss.seam.NotLoggedIn']}</message>
</redirect>
</exception>
<exception class="javax.faces.application.ViewExpiredException">
<redirect view-id="/login.xhtml">
<message severity="warn">Your session has timed out, please try again</message>
</redirect>
</exception>
<exception class="org.jboss.seam.ConcurrentRequestTimeoutException" log-level="trace">
<http-error error-code="503" />
</exception>
<exception>
<redirect view-id="/error.xhtml">
<message severity="error">Unexpected error, please try again</message>
</redirect>
</exception>
</pages>
I have created an application using seam gen. The problem is with log out functionality. After logging out, the user will be redirected to the log in page and if the back button in the browser is clicked then it takes the user back to the previously viewed page and all the pages can be viewed and edited.
There is no security to the application??
Please help in solving this.
This is my logout link:
<s:link id="menuLogoutId" view="/login.xhtml" action="#{identity.logout}" value="Logout" rendered="#{identity.loggedIn}" propagation="none"/>
Here is my pages.xml:
<?xml version="1.0" encoding="UTF-8"?>
<pages xmlns="http://jboss.com/products/seam/pages"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://jboss.com/products/seam/pages http://jboss.com/products/seam/pages-2.2.xsd"
no-conversation-view-id="/home.xhtml"
login-view-id="/login.xhtml">
<page view-id="*">
<navigation>
<rule if-outcome="home">
<redirect view-id="/home.xhtml"/>
</rule>
</navigation>
</page>
<exception class="org.jboss.seam.framework.EntityNotFoundException">
<redirect view-id="/error.xhtml">
<message severity="warn">Record not found</message>
</redirect>
</exception>
<exception class="javax.persistence.EntityNotFoundException">
<redirect view-id="/error.xhtml">
<message severity="warn">Record not found</message>
</redirect>
</exception>
<exception class="javax.persistence.EntityExistsException">
<redirect view-id="/error.xhtml">
<message severity="warn">Duplicate record</message>
</redirect>
</exception>
<exception class="javax.persistence.OptimisticLockException">
<end-conversation/>
<redirect view-id="/error.xhtml">
<message severity="warn">Another user changed the same data, please try again</message>
</redirect>
</exception>
<exception class="org.jboss.seam.security.AuthorizationException">
<redirect view-id="/error.xhtml">
<message severity="error">You don't have permission to access this resource</message>
</redirect>
</exception>
<exception class="org.jboss.seam.security.NotLoggedInException">
<redirect view-id="/login.xhtml">
<message severity="warn">#{messages['org.jboss.seam.NotLoggedIn']}</message>
</redirect>
</exception>
<exception class="javax.faces.application.ViewExpiredException">
<redirect view-id="/login.xhtml">
<message severity="warn">Your session has timed out, please try again</message>
</redirect>
</exception>
<exception class="org.jboss.seam.ConcurrentRequestTimeoutException" log-level="trace">
<http-error error-code="503" />
</exception>
<exception>
<redirect view-id="/error.xhtml">
<message severity="error">Unexpected error, please try again</message>
</redirect>
</exception>
</pages>
