Hi,

some months ago, i developed a own client window handling for a
ASP.NETapplication.

It's like a mix of LAZY and CLIENTWINDOW -> IMO it's completely safe but
the windowhandler.html streaming is reduced to a minimum.

The main concept behind it is -> the windowId will not be rendered for
links.
All link onclick's will be overwritten, a validation cookie will be stored
before the redirect and the redirect will be done via js:

window.location = window.location + window.deltaspikeJsWindowId;

Therefore, "open in new window" will work normally as the windowId is
not rendered to the URL.


The windowhandler.html will only be streamed for GET requests if a
windowId is available and no or a invalid cookie is available.


ExternalContext#redirect will still append to windowId to the redirect URL.


A rough workflow/overview:


GET request:
        without windowId:
                generate new windowId
                render script with new windowId
                    add hidden inputs to form
                        overwrite onclick on all links -> window.location == 
element.href +
currentWindowId;

        
        with windowId and invalid/no cookie:
                stream windowHandler html
                    compare window.name and windowId ->
                 windowId == windowName -> set cookie and redirect refresh

                                 window.name == "" || windowId != windowName -> 
remove windowId
from URL and refresh
        
        with windowId and valid cookie:
            reuse windowId
                render script with new windowId

                    add hidden inputs to form
                        overwrite onclick on all links -> window.location == 
element.href +
currentWindowId;

POST:
   get windowId from post param



Hopefully i explained all details (and correctly) - it's already late for
friday ;)
WDYT?

Regards,
Thomas

Reply via email to