Servlet Security constraints and application cache


We are using Vaadin Touchkit with Application Cache enabled. The Servlet is secured by a security constraint in the web.xml.


After logging out of the application and making a reload a post request is made to


This happens in line 139 of vaadinBootstrap.js.

is secured and so the login page gets delivered, thus the applications gets not loaded and the user will not see the login page either. He has to change the url in the browser, which is not the desired behaviour.

Do you know any solution to this problem? What is the recommended way to handle such situations? Of course, this does not happen, if the application cache is disabled.

/Kind regards

Wonder if the login module setup the change to the original request correctly, might even be the initial response ( redirect to the login page ) that should be configured as not cachable.
I Dont use Application Cache, but I’ve written a few JASPIC(jsr196) modules and they do get tricky…