From 806103c71f352107f927a63ed36bf68564a45866 Mon Sep 17 00:00:00 2001 From: edler-san <19165931+edler-san@users.noreply.github.com> Date: Thu, 2 May 2019 13:26:14 +0200 Subject: [PATCH] Changed the handleSessionExpired logic to return a 404 instead of a 410 and added the no-cache parameter to the reply. (#11556) * Changed the handleSessionExpired logic to return a 404 instead of a 410. Also added the no-cache parameter to the reply. See https://github.com/vaadin/framework/issues/4417 for discussion. --- .../vaadin/server/communication/HeartbeatHandler.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java b/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java index ed2faad05a..07ab402514 100644 --- a/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java +++ b/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java @@ -89,7 +89,14 @@ public class HeartbeatHandler extends SynchronizedRequestHandler return false; } - response.sendError(HttpServletResponse.SC_GONE, "Session expired"); + // Ensure that the browser does not cache expired response. + // iOS 6 Safari requires this (#10370) + response.setHeader("Cache-Control", "no-cache"); + // If Content-Type is not set, browsers assume text/html and may + // complain about the empty response body (#12182) + response.setHeader("Content-Type", "text/plain"); + + response.sendError(HttpServletResponse.SC_NOT_FOUND, "Session expired"); return true; } } -- 2.39.5