ViewExpiredException not thrown on ajax request if JSF page is protected by j_security_check
Issue
- When we restart JBoss, a user's session and authenticated state is lost as expected. We'd expect the user to be redirected back to the FORM login page to re-authenticate. But they get a new ViewState response and so never reach the login page unless they close and reopen their browser.
Environment
- JBoss Enterprise Application Platform (EAP) 7.x
- JSF
- OmniFaces
- FORM authentication
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.