I am using a SerlvetFilter to check if some specific session object is present to check if a user is logged in or not.
You should not do
response.sendRedirect("login.xhtml");
on an ajax request. The HTTP traffic monitor indicates with the 302 entry that you were doing that. You're basically redirecting the ajax request to a resource which doesn't return a valid ajax response at all. You should instead return as a valid ajax response a specific XML structure which in turn instructs JSF's ajax engine in JavaScript to do a window.location = newurl;
.
Basically:
String loginURL = request.getContextPath() + "/login.xhtml";
boolean ajaxRequest = "partial/ajax".equals(request.getHeader("Faces-Request"));
if (ajaxRequest) {
response.setContentType("text/xml");
response.setCharacterEncoding("UTF-8");
response.getWriter()
.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>")
.append("<partial-response>")
.printf("<redirect url=\"%s\"></redirect>", loginURL)
.append("</partial-response>");
}
else {
response.sendRedirect(loginURL);
}