myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gerald Müllan" <>
Subject Re: STATE_SAVING_METHOD client security
Date Sun, 24 Sep 2006 21:30:50 GMT

never had this requirement, but you can hang in a javascript function
after hitting the back button and delete the state which is saved on
the client.

E.g. the dojo toolkit has a nice mechanism to pointcut in between.

But it is just a quick thought, don`t know if it would work correctly :)



On 9/24/06, fischman_98 <> wrote:
> I am using STATE_SAVING_METHOD set to client.  I have a session scoped bean
> that performs login/logout methods and has two properties with public
> getter/setters, username & password.
> The problem:
> 1. A user logs in successfully, does some work, logs out.
> 2. The session is invalidated when the user logs out.
> 3. Hit the browser back button until the user gets to the login page again,
> hit refresh, the user is logged in again without re-entering login
> information.
> Is this due to the session state being saved on the client within the view?
> More importantly, is there anyway to keep the successful login from
> happening with state_saving_method=client?
> Thanks.
> --
> View this message in context:
> Sent from the MyFaces - Users mailing list archive at


Your JSF powerhouse -
JSF Consulting, Development and
Courses in English and German

Professional Support for Apache MyFaces

View raw message