* Changed the handleSessionExpired logic to return a 404 instead of a 410. Also added the no-cache parameter to the reply.
See https://github.com/vaadin/framework/issues/4417 for discussion.
return false;
}
- response.sendError(HttpServletResponse.SC_GONE, "Session expired");
+ // Ensure that the browser does not cache expired response.
+ // iOS 6 Safari requires this (#10370)
+ response.setHeader("Cache-Control", "no-cache");
+ // If Content-Type is not set, browsers assume text/html and may
+ // complain about the empty response body (#12182)
+ response.setHeader("Content-Type", "text/plain");
+
+ response.sendError(HttpServletResponse.SC_NOT_FOUND, "Session expired");
return true;
}
}