Hello all, my first post here so hope it's not a simple-obvious one:)
I'm currently working on a
JSF web-application and we want better handle an enforced logout of the user, either by session timeout, or back-end event requiring this.
I have spent today looking at using a
Servlet Filter to intercept the request and decide if the user is currently logged on, if not the forward them back to the login page. Unfortunaly I had problems with this, the forward did not seem to be working, the Filter was called, but the next JSF page was displayed! It was as if the Faces Sevlet was being called with the original request, regardless of the forward which I expected call the login page (which might be due to my lack of understanding!)
Anyhow, I had a bit more of a look (including the
thread on pre-page initialisation) and wondered if I was approaching this problem in the wrong way. Should I be using a Servlet as a Filter to take the appropriate action on session timeout or if the user is not logged in, or is there a more 'JSF' way to accomplish this such as using a PhaseListener or NavigationHandler?
Any advice would be very much appreciated.
Rich.