To preserve state, a cookie with a session id is send to the client’s browser. During the next request, this cookie is transmitted to the server. By this, the server is able to restore state.
For security reasons, it is good practice to renew this session number once the user logs in or out.
FacesContext.getCurrentInstance().getExternalContext().invalidateSession();
But, at least if you use GlassFish 4 as your servlet container, you may sometimes recognize an exception in your log. It is catched internally, thus surrounding the statement above wont catch it. Maybe, this problem is responsible for memory leaks [1] too.
Solution: Simply replace this call by a change of the session id
((HttpServletRequest)FacesContext.getCurrentInstance()
.getExternalContext().getRequest()).changeSessionId();
[1] http://blog.mueller-bruehl.de/programming/cdi-issue-using-glassfish-4/
Do you want to support this blog? You may help to finance the needed hardware.
Want to read more about software development? Purchase one of my books:
Start application development with Java. Learn development foundation, quality control and more.
A Journey through Java EE Technologies whilst developing Web Applications with JavaServer Faces.
Java Lambdas and Parallel Streams
The compact starter: Foundation, supporting structures, parallel processing
No software development, just nature:
A photographic image book. Get it for free. Or pay whatever you like.
No Comments Yet