diff options
3 files changed, 16 insertions, 9 deletions
diff --git a/client/src/main/java/com/vaadin/client/communication/DefaultConnectionStateHandler.java b/client/src/main/java/com/vaadin/client/communication/DefaultConnectionStateHandler.java index 27c7052d30..f0630592be 100644 --- a/client/src/main/java/com/vaadin/client/communication/DefaultConnectionStateHandler.java +++ b/client/src/main/java/com/vaadin/client/communication/DefaultConnectionStateHandler.java @@ -146,7 +146,7 @@ public class DefaultConnectionStateHandler implements ConnectionStateHandler { int statusCode = response.getStatusCode(); getLogger().warning("Heartbeat request returned " + statusCode); - if (response.getStatusCode() == Response.SC_GONE) { + if (response.getStatusCode() == Response.SC_FORBIDDEN) { // Session expired getConnection().showSessionExpiredError(null); stopApplication(); diff --git a/server/src/main/java/com/vaadin/server/VaadinService.java b/server/src/main/java/com/vaadin/server/VaadinService.java index 7db1a4fd55..4f01820868 100644 --- a/server/src/main/java/com/vaadin/server/VaadinService.java +++ b/server/src/main/java/com/vaadin/server/VaadinService.java @@ -1759,7 +1759,15 @@ public abstract class VaadinService implements Serializable { * endless loop. This can at least happen if refreshing a * resource when the session has expired. */ - response.sendError(HttpServletResponse.SC_GONE, + + // Ensure that the browser does not cache expired responses. + // iOS 6 Safari requires this (#3226) + response.setHeader("Cache-Control", "no-cache"); + // If Content-Type is not set, browsers assume text/html and may + // complain about the empty response body (#4167) + response.setHeader("Content-Type", "text/plain"); + + response.sendError(HttpServletResponse.SC_FORBIDDEN, "Session expired"); } } catch (IOException e) { diff --git a/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java b/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java index 07ab402514..8733c7b58c 100644 --- a/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java +++ b/server/src/main/java/com/vaadin/server/communication/HeartbeatHandler.java @@ -62,10 +62,10 @@ public class HeartbeatHandler extends SynchronizedRequestHandler if (ui != null) { ui.setLastHeartbeatTimestamp(System.currentTimeMillis()); // Ensure that the browser does not cache heartbeat responses. - // iOS 6 Safari requires this (#10370) + // iOS 6 Safari requires this (#3226) response.setHeader("Cache-Control", "no-cache"); // If Content-Type is not set, browsers assume text/html and may - // complain about the empty response body (#12182) + // complain about the empty response body (#4167) response.setHeader("Content-Type", "text/plain"); } else { response.sendError(HttpServletResponse.SC_NOT_FOUND, @@ -88,15 +88,14 @@ public class HeartbeatHandler extends SynchronizedRequestHandler if (!ServletPortletHelper.isHeartbeatRequest(request)) { return false; } - - // Ensure that the browser does not cache expired response. - // iOS 6 Safari requires this (#10370) + // Ensure that the browser does not cache expired heartbeat responses. + // iOS 6 Safari requires this (#3226) response.setHeader("Cache-Control", "no-cache"); // If Content-Type is not set, browsers assume text/html and may - // complain about the empty response body (#12182) + // complain about the empty response body (#4167) response.setHeader("Content-Type", "text/plain"); - response.sendError(HttpServletResponse.SC_NOT_FOUND, "Session expired"); + response.sendError(HttpServletResponse.SC_FORBIDDEN, "Session expired"); return true; } } |