added a comment - The server (at least Tomcat does) hides the difference between requests made directly by the browser and requests delayed and replayed through the authentication process. The difficulty with this is that in one case, the response is being delivered to a POST made by XMLHttpRequest, and in the other case the response is being delivered by a browser redirecting with a full page GET.
What appears to be workable is to add a special case for session expired being "browser readable" and taking the form of a redirect request to the expiry page (as sent from the server, not just as a redirect performed by the JavaScript bridge). For instance, the following seems to work as desired on Tomcat (the diff has been edited, so its line numbers are not valid):
===================================================================
— src/com/icesoft/faces/webapp/http/core/RequestVerifier.java (revision 19235)
+++ src/com/icesoft/faces/webapp/http/core/RequestVerifier.java (working copy)
@@ -3,6 +3,7 @@
import com.icesoft.faces.webapp.http.common.Request;
import com.icesoft.faces.webapp.http.common.Server;
import com.icesoft.faces.webapp.http.common.standard.EmptyResponse;
+import com.icesoft.faces.webapp.http.common.Configuration;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -10,10 +11,19 @@
public class RequestVerifier implements Server {
private final static Log log = LogFactory.getLog(RequestVerifier.class);
+ private Configuration configuration;
private String sessionID;
private Server server;
public RequestVerifier(String sessionID, Server server)
Unknown macro: {+ public RequestVerifier(Configuration configuration, String sessionID, Server server) {
+ this.configuration = configuration;
this.sessionID = sessionID;
this.server = server;
}@@ -28,7 +38,8 @@ server.service(request); }
else
{
log.debug("Missmatched 'ice.session' value. Session has expired.");
- request.respondWith(SessionExpiredResponse.Handler);
+ request.respondWith(SessionExpiredResponse.getRedirectingHandler(configuration.getAttribute("sessionExpiredRedirectURI")));
+// request.respondWith(SessionExpiredResponse.Handler);
}
} else
Unknown macro: { if( log.isDebugEnabled() ){
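Review bot: The added `respondWith` call feeds `configuration.getAttribute("sessionExpiredRedirectURI")` straight into the redirect handler, so a deployment that never set that attribute either fails inside the session-expired path or answers with a 302 that has no usable Location, depending on how Configuration reports a missing key (not visible in this hunk). I would read the value once in the constructor and fall back to the existing handler when it is absent: `request.respondWith(redirectURI == null ? SessionExpiredResponse.Handler : SessionExpiredResponse.getRedirectingHandler(redirectURI));`. The same unchecked value reaches `response.setHeader("Location", redirectURI)` in getRedirectingHandler in SessionExpiredResponse.java. The commented-out `// request.respondWith(SessionExpiredResponse.Handler);` line should be deleted rather than committed. The enclosing method starts and ends outside the hunk.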
Index: src/com/icesoft/faces/webapp/http/core/SessionExpiredResponse.java
===================================================================
--- src/com/icesoft/faces/webapp/http/core/SessionExpiredResponse.java (revision 19235)
+++ src/com/icesoft/faces/webapp/http/core/SessionExpiredResponse.java (working copy)
@@ -1,6 +1,8 @@
package com.icesoft.faces.webapp.http.core;
import com.icesoft.faces.webapp.command.Command;
+import com.icesoft.faces.webapp.http.common.Response;
+import com.icesoft.faces.webapp.http.common.ResponseHandler;
import com.icesoft.faces.webapp.http.common.standard.FixedXMLContentHandler;
import java.io.IOException;
@@ -14,4 +16,14 @@
SessionExpiredCommand.serializeTo(writer);
} }
;
+
+ public static ResponseHandler getRedirectingHandler(final String redirectURI) {
+ ResponseHandler handler = new ResponseHandler()
Unknown macro: {+ public void respond(Response response) throws Exception {
+ response.setStatus(302);
+ response.setHeader("Location", redirectURI);
+ }+ }
;
+ return handler;
+ }
}
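Review bot: getRedirectingHandler is a new public static entry point with no Javadoc, and its contract is security-relevant because `redirectURI` is written to the Location header exactly as passed. I would add a comment such as `/** Returns a handler that replies 302 to redirectURI; the value is sent unescaped, so pass only trusted deployment configuration, never request-derived data. */`. It is also worth stating there that the 302 is meant to serve both XMLHttpRequest posts and full-page GETs, since that is the reason this handler exists alongside the XML `Handler`. The enclosing class starts outside the hunk.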
Index: src/com/icesoft/faces/webapp/http/servlet/MainSessionBoundServlet.java
===================================================================
src/com/icesoft/faces/webapp/http/servlet/MainSessionBoundServlet.java (revision 19235)
+++ src/com/icesoft/faces/webapp/http/servlet/MainSessionBoundServlet.java (working copy)
@@ -124,13 +124,13 @@
receivePing = OKServer;
} else
{
//setup blocking connection server
- sendUpdatedViews = new RequestVerifier(sessionID, new PushServerDetector(session, sessionID, synchronouslyUpdatedViews, allUpdatedViews, monitorRunner, configuration, messageService, this));
- sendUpdates = new RequestVerifier(sessionID, new SendUpdates(configuration, views, this));
- receivePing = new RequestVerifier(sessionID, new ReceivePing(views, this));
+ sendUpdatedViews = new RequestVerifier(configuration, sessionID, new PushServerDetector(session, sessionID, synchronouslyUpdatedViews, allUpdatedViews, monitorRunner, configuration, messageService, this));
+ sendUpdates = new RequestVerifier(configuration, sessionID, new SendUpdates(configuration, views, this));
+ receivePing = new RequestVerifier(configuration, sessionID, new ReceivePing(views, this));
}
Server upload = new UploadServer(views, configuration);
Server receiveSendUpdates = new RequestVerifier(sessionID, new ReceiveSendUpdates(views, synchronouslyUpdatedViews, sessionMonitor, this));
+ Server receiveSendUpdates = new RequestVerifier(configuration, sessionID, new ReceiveSendUpdates(views, synchronouslyUpdatedViews, sessionMonitor, this));
dispatchOn(".*block\\/receive\\-updated -views$", new EnvironmentAdaptingServlet(sendUpdatedViews, configuration, session.getServletContext()));
PathDispatcherServer dispatcherServer = new PathDispatcherServer();
Ok, I have the feeling that my situation is a bit more complicated... although it might be related somehow with this problem.
SSL connection works fine using 'direct internet' connection, but it keeps on expiring when I access the application through an http proxy. The public part works also behind the proxy, but not the secured. After some refresh I can do something, but the session expires very fast. Are you aware of any SSL + Proxy issue?