Hi,
Werner, I'm not sure if the security manager / redirect solution is the
correct approach.
JSF 2.0 provides event and error listener queues on the Javascript side.
In case of an AJAX POST that doesn't find a valid session it should be
appropriate to return a session timeout error. The spec doesn't mention
this specific case, but errors in general are returned via an error tag
in the AJAX XML and if the client has registered an error function it
will be triggered. The client code then can decide how to handle the error.
Best Regards,
Ganesh
Werner Punz wrote:
Jan-Kees van Andel wrote:
Hey,
I'm not sure what the JSR314 spec has to say about it, but are you
going to create something to handle session timeouts?
It's a common problem with JEE Ajax apps, because you expect XML or
JSON or something, but instead you end up with a login page.
What I do on my current project, is checking in JavaScript if the
response follows the expected format (in my case, I checked for a
specific XML tag). If it doesn't, I know something is wrong and I
redirect (document.location="newUrl") to the login page.
It might be a good idea to provide a hook in MyFaces for this. AFAIK,
the other JSF Ajax frameworks don't have this feature.
Actually the JSR has a special redirect response in the ajax part...
A security manager in the application can provide such a response
which then forces the javascript to redirect to the provided page!
I don't think this should be part of the core code :-), since security
concerns are part of the application and have to be dealt with there!
Werner
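
The three client-side outcomes discussed in this thread (an unexpected non-XML body such as a login page, a `<redirect>` partial response, and an `<error>` partial response) can be told apart as in the following added example, which is not code from the thread or from MyFaces. The names `classifyAjaxResponse`, `stripCdata` and `LOGIN_URL` and the same-origin check on the redirect target are assumptions; regex matching is used instead of a DOM parser only so the block runs outside a browser.

```javascript
// Added example; all names here are hypothetical, not MyFaces API.
const LOGIN_URL = "/login.xhtml"; // assumed path of the application's login page

// Remove an optional CDATA wrapper from an element's text content.
function stripCdata(text) {
  return text.trim().replace(/^<!\[CDATA\[|\]\]>$/g, "");
}

// Decide what the client should do with the response to an Ajax POST.
// origin is the page's own origin, e.g. window.location.origin in a browser.
function classifyAjaxResponse(contentType, body, origin) {
  // A JSF 2.0 partial response is XML rooted at <partial-response>. Anything
  // else (typically the HTML login page after a timeout) is unexpected.
  const isXml = /^(text|application)\/xml\b/i.test(contentType || "");
  if (!isXml || !/<partial-response[\s>]/.test(body)) {
    return { action: "redirect", url: LOGIN_URL, reason: "unexpected-format" };
  }
  // Server-side redirect instruction: <redirect url="..."/>
  const redirect = /<redirect\s+url="([^"]*)"\s*\/?>/.exec(body);
  if (redirect) {
    const target = new URL(redirect[1].replace(/&amp;/g, "&"), origin);
    // Only follow targets on the page's own origin; otherwise use the login page.
    if (target.origin !== new URL(origin).origin) {
      return { action: "redirect", url: LOGIN_URL, reason: "cross-origin-redirect" };
    }
    return { action: "redirect", url: target.pathname + target.search,
             reason: "server-redirect" };
  }
  // Error report: <error><error-name>..</error-name><error-message>..</error-message></error>
  const error = new RegExp("<error>\\s*<error-name>([\\s\\S]*?)</error-name>" +
    "\\s*<error-message>([\\s\\S]*?)</error-message>\\s*</error>").exec(body);
  if (error) {
    return { action: "error", name: stripCdata(error[1]), message: stripCdata(error[2]) };
  }
  return { action: "process" }; // ordinary partial response, apply the updates
}
```
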