Cleanly handle session timeout with Java EE 6

I've got a fairly simple web application deployed in GlassFish 3.0.1. I'm using regular FORM based authentication and have the application secured using a JDBC realm. The view is handled by JSF 2 using Facelets.

The problem I have is that when the session expires if the user clicks a h:commandButton or anything else that posts back they are presented with an awful yellow page telling them there has been an XML Parsing Error. In the logs I get three stack trac开发者_Go百科es:

INFO: PWC2787: Session event listener threw exception
org.jboss.weld.context.ContextNotActiveException: WELD-001303 No active contexts for scope type javax.enterprise.context.RequestScoped
at org.jboss.weld.manager.BeanManagerImpl.getContext(BeanManagerImpl.java:679)
at org.jboss.weld.bean.proxy.ClientProxyMethodHandler.getProxiedInstance(ClientProxyMethodHandler.java:138)
at org.jboss.weld.bean.proxy.ClientProxyMethodHandler.invoke(ClientProxyMethodHandler.java:100)
<snip>

WARNING: ApplicationDispatcher[/core] PWC1231: Servlet.service() for servlet Faces Servlet threw exception
javax.faces.application.ViewExpiredException: viewId:/login.xhtml - View /login.xhtml could not be restored.
at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:212)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:110)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
<snip>

WARNING: Unexpected error forwarding or redirecting to login page
javax.servlet.ServletException: viewId:/login.xhtml - View /login.xhtml could not be restored.
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:325)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523)
at org.apache.catalina.core.ApplicationDispatcher.doInvoke(ApplicationDispatcher.java:822)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:517)
<snip>

I can't seem to find a clean and simple way of dealing with this issue. I've tried setting an error handler for the ViewExpiredException in the web.xml but it never got called. I'm guessing that the system has already given up by the first exception. Right now I don't really care too much where I send the user in this situation just so long as they don't see the yellow page of death!

Note: non-postback links work find and redirect to the login page correctly.

Unfortunately there is no standard way to tackle this, at least nothing we found out after doing quite some research.

What you can do is:

(1) Register your own JSF-ExceptionHandler in faces-config.xml and make it handle whatever exceptions you want to, redirect to error- / login-page afterwards. Not completely trivial, but definitely possible - that's how we do it.

(2) Have a look at (and use) Seam-Catch, they are using the same mechanism (but in a more elegant CDI-conform way), we didn't use it because it wasn't ready two months ago.