You can solve this by setting the client state persistence method instead of server so that the views are saved (in serialized form, of course) in a hidden input field of the POST form, and not in a server-side session (which, in turn, refers to a JSESSIONID cookie, therefore all views will be lost when you delete the session cookie or when the session ends). You can do this by adding the following context parameter to web.xml :
<context-param> <param-name>javax.faces.STATE_SAVING_METHOD</param-name> <param-value>client</param-value> </context-param>
If for some reason the above option is not something, the best thing you could do is to carefully treat it as an error page in web.xml as follows:
<error-page> <exception-type>javax.faces.application.ViewExpiredException</exception-type> <location>/errors/sessionexpired.jsf</location> </error-page>
This does not eliminate the exception, but at least gives you the opportunity to indicate on the error page the end user about the problem and what actions the end user should take. You can even let the error page specify the login page and conditionally display a message about why enduser is accessing the login page again.
See also: