You are right if you do a full page refesh from the login in the iframe response, it should load the login form in the main page.
However there are a few issues with putting extra logic in the login form page. It assumes that on failure only the logn page is loaded in the PPR Iframe. It does not account for the case when the user looses a network connecton during a PPR connection. It also does not account for a DMZ scenario, where the reverse proxy may have a logic page and its timeout may be smaller than the session timeout. In the DMZ scenario, the logic page may be displayed by the reverse proxy. I believe the fix actually needs to go into the PPR logic itself. In IE it is pretty simple to detect error cases in the IFrame. After posting from Iframe, we can put a timer (window.setTimeout) to monitor the readyState of the iframe document. If the readystate is "complete" we got a response in the Iframe. The PPR response for the IFrame could put a token(maybe a javascript global variable) indicating that it is a PPR response. If we do not get the token we did not get a valid response. If the user looses a network connection, an exception is thrown while trying to read the IFrame content(error page). Gecko like IE it also throws an exception in case a user looses a network connection. However in Gecko it is difficult to detect if the content is valid PPR content since it does not have readyState attribute for document. One way to workaround this is to remove all nodes in the document before the PPR post is done. In the timer we can check if the document.documentElement.firstChild exists. If it exists that means the the PPR response document has at least started loading. We can then look for the token in the reponse page to validate that it is a PPR reponse. When these error cases are detected we can either notify the user or reload the main page to show the response from the PPR. Using XMLHTTPRequest solves most of the issues with PPR, however XMLHTTPRequest does not work with multi-part form encoding. In case the page contains file upload elements, it would still make sense to use IFrame to perform XMLHTTP communication. Venkata On 7/18/06, Scott O'Bryan <[EMAIL PROTECTED]> wrote:
Can't we just do a full-page refresh if the session is timed out? Cosma Colanicchia wrote: > There was a discussion about this problem, see this thread in the > archives for the details: > http://mail-archives.apache.org/mod_mbox/incubator-adffaces-dev/200606.mbox/browser > > > I've found a tricky workaround, that involves putting some javascript > in your login page to make it open itself in a popup window when its > loaded in the ppr iframe: > > <script type="text/javascript"> > > // NOTE this is a workaround for an issue when using Trinidad > // PPR requests and container-managed security > > // This is a temporary workaround while waiting for Trinidad to use > // XmlHTTPRequest instead of hidden IFRAMEs for partial page rendering > > function checkPPR() { > var loginForm = document.getElementById("loginForm"); > if ("_pprIFrame" == window.name) { > // Reload myself in a window with a fixed name > var loginWindow = window.open(window.location, "_pprLoginWindow", > "menubar=0,resizable=1,width=350,height=250"); > loginForm.location = window.location; > } > if ("_pprLoginWindow" == window.name) { > // Now I'm in the window, set the target back to the hidden iframe > loginForm.target = "_pprIFrame"; > } > } > > function checkPPRClose() { > // This script trigger also when the login is wrong.. so the > // "login failed" page must also do something to show > // itself outside of the hidden iframe. > if ("_pprLoginWindow" == window.name) { > // The timeout is required to allow performing > // the form submit before closing the window > setTimeout('window.close()', 3000); > } > } > > </script> > </head> > <body onload="checkPPR();"> > <!-- standard action and field names for contained managed security --> > <form id="loginForm" method="POST" action="j_security_check" > onsubmit="checkPPRClose();"> > > > Far from perfect, but it allows the user to escape from the lock that > would occours otherwise. If you come up with a better solution please > share it. > > > regards > Cosma > > 2006/7/18, Jeantine Mankelow <[EMAIL PROTECTED]>: >> We are using adf's ppr features in our web based product. This all >> works fine until the session times out and the users tries to do >> something which would cause a ppr on the already loaded page. To the >> user if appears as if nothing happens, when in fact what is happening is >> the login page is getting rendered in the iFrame. >> >> Any ideas on how we can direct the page the user can see to the login >> page? >> >> Thanks, >> Jeantine >> >
