Even if "abandon session" isn't broken replacing it with the documented
alternative allows the redirect to succeed. I have a workaround that
solves the problem. The only differences between your A4D_ITK_Server
method and ours is that we installed our own mechanism for managing Read
Write/Read Only state. That is code that has been in our 4D shell for 12
years and remains unchanged since we began using Active4D.
Maybe the code we run in the pre-stream execute hook is the culprit? We
examine the first part of the request to see if the request should be
handled by A4D or our old Netlink-Style ITK code. After this is done we
put examined part back into the request w ITK_TCPUnRcv. That method was
unchanged in the upgrade. When I originally wrote it, I believe I tested
to make sure that original request and the one that gets processed were
identical.
If I get some time I'll try to run some tests that use an unmodified ITK
shell to see if the problem might be there, but if I recall there were
very few notable differences between the new shell and the core of ours.
FWIW, if there were a way to preview the request with 4D's web server I'd
abandon ITK in a heartbeat.
-- Brad
>> It appears the problem is the call to abandon session.
>> If I remove "abandon session" the redirect doesn't fail.
>> As an alternative I tried
>> abandon response cookie ("ACTIVE4D_SESSIONID")
>> but that still failed.
>>
>> To workaround this limitation I have added the code you suggested:
>> delete session item ("@") `remove any existing session data
>> and added
>> set session timeout (0) `in lieu of abandon session
>>
>> One observation from watching the session monitor:
>> In some cases if I log back in quickly, it appears that I can reuse
>> the session. I think this is because the "housekeeper" hasn't run
>> yet, and the fact that my ACTIVE4D_SESSIONID cookie is still set.
>> I don't think this is a problem though since I'm reclaiming an
>> empty session. And because the ACTIVE4D_SESSIONID cookie is still
>> set I suspect I can only reclaim my old session.
>>
>> Should I log the abandon session behavior as a bug?
>
> The behavior you are seeing must be related to the shell. I cannot
> reproduce it with the standard 4D shell, so the problem must be with
> my standard ITK shell or your modifications. Also, there is no
> possible way for 'abandon session' to affect a redirect, as the only
> effect it has on the response is to set the expire date of the
> session cookie.
>
> If both 'abandon session' and 'abandon response cookie' are failing
> to clear the session cookie, there is something strange going on,
> because the cookie should be cleared by the browser. If 'abandon
> session' were broken I would have gotten some reports about it by now.
>
> It seems to me there must be something wrong with the headers which
> is causing the browser to ignore the session cookie header, thus not
> expiring it.
>
> Regards,
>
> Aparajita
_______________________________________________
Active4D-dev mailing list
[email protected]
http://mailman.aparajitaworld.com/mailman/listinfo/active4d-dev
Archives: http://mailman.aparajitaworld.com/archive/active4d-dev/
