In enterprise applications that require user authentication, a user can't navigate back to a cached page. When developing applications using JDeveloper11g ADF, I encountered two problems.
First, how to kill a user session when clicking logout button, as explained below:
In ADF, you might use SessionScope to create variables or beans that can be carried out during the life cycle of a user session. Destroying the session bean or setting a session variable to null doesn't mean that the session is killed, to kill a session you have to:
1- Add a method call to logout button Action can be in the managed or backing bean and name it logout_action();
2- The code is used to invalidate the user session then redirect the page to your login screen displayed below:
FacesContext fc = FacesContext.getCurrentInstance();
ExternalContext ectx = fc.getExternalContext();
HttpSession session = (HttpSession)ectx.getSession(false);
try {
session.invalidate();
ectx.redirect("../loginpage");
fc.responseComplete();
} catch (Exception exp) {
ectx.redirect("../loginpage");
fc.responseComplete();
}
* note if you are using a bounded task flow and your loging screen exists in unbounded task flow located one level up then consider navigating through floders using (..) till login screen location.