It appears the problem is the call to abandon session.
If I remove "abandon session" the redirect doesn't fail.
As an alternative I tried
abandon response cookie ("ACTIVE4D_SESSIONID")
but that still failed.
To workaround this limitation I have added the code you suggested:
delete session item ("@") `remove any existing session data
and added
set session timeout (0) `in lieu of abandon session
One observation from watching the session monitor:
In some cases if I log back in quickly, it appears that I can reuse
the session. I think this is because the "housekeeper" hasn't run
yet, and the fact that my ACTIVE4D_SESSIONID cookie is still set.
I don't think this is a problem though since I'm reclaiming an
empty session. And because the ACTIVE4D_SESSIONID cookie is still
set I suspect I can only reclaim my old session.
Should I log the abandon session behavior as a bug?
The behavior you are seeing must be related to the shell. I cannot
reproduce it with the standard 4D shell, so the problem must be with
my standard ITK shell or your modifications. Also, there is no
possible way for 'abandon session' to affect a redirect, as the only
effect it has on the response is to set the expire date of the
session cookie.
If both 'abandon session' and 'abandon response cookie' are failing
to clear the session cookie, there is something strange going on,
because the cookie should be cleared by the browser. If 'abandon
session' were broken I would have gotten some reports about it by now.
It seems to me there must be something wrong with the headers which
is causing the browser to ignore the session cookie header, thus not
expiring it.
Regards,
Aparajita
www.aparajitaworld.com
"If you dare to fail, you are bound to succeed."
- Sri Chinmoy | www.srichinmoylibrary.com
_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
