From: edler-san <19165931+edler-san@users.noreply.github.com>
Date: Thu, 2 May 2019 11:26:14 +0000 (+0200)
Subject: Changed the handleSessionExpired logic to return a 404 instead of a 410 and added... 
X-Git-Tag: 8.8.6^0
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=806103c71f352107f927a63ed36bf68564a45866;p=vaadin-framework.git

Changed the handleSessionExpired logic to return a 404 instead of a 410 and added the no-cache parameter to the reply. (#11556)

* Changed the handleSessionExpired logic to return a 404 instead of a 410. Also added the no-cache parameter to the reply.
See https://github.com/vaadin/framework/issues/4417 for discussion.
---

diff --git a/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java b/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java
index ed2faad05a..07ab402514 100644
--- a/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java
+++ b/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java
@@ -89,7 +89,14 @@ public class HeartbeatHandler extends SynchronizedRequestHandler
             return false;
         }
 
-        response.sendError(HttpServletResponse.SC_GONE, "Session expired");
+        // Ensure that the browser does not cache expired response.
+        // iOS 6 Safari requires this (#10370)
+        response.setHeader("Cache-Control", "no-cache");
+        // If Content-Type is not set, browsers assume text/html and may
+        // complain about the empty response body (#12182)
+        response.setHeader("Content-Type", "text/plain");
+
+        response.sendError(HttpServletResponse.SC_NOT_FOUND, "Session expired");
         return true;
     }
 }