Ah, now I see your problem in the response: HTTP/1.1 200 OK Date: Tue, 24 Nov 2015 02:24:22 GMT Set-Cookie: JSESSIONID=11cp2c2bxz66fgyqfso1mrcgw;Path=/TeraTextRS;Secure;HttpOnly *Expires: Thu, 01 Jan 1970 00:00:00 GMT* Content-Type: text/html;charset=utf-8 Transfer-Encoding: chunked Server: Jetty(9.3.6.v20151106)
Note the bold line; the cookie will expire automatically. I'm not sure why Jetty is sending this, but your session timeout value is very small, so you may want to start by increasing that (I don't see why that would create an Expires header in the past, but...). You can also try setting the maxAge for the cookie. At any rate, this sounds like a Jetty issue. ___ Kito D. Mann | @kito99 | Author, JSF in Action Web Components, Polymer, JSF, PrimeFaces, Java EE, and Liferay training and consulting Virtua, Inc. | http://www.virtua.com | http://www.JSFCentral.com | @jsfcentral +1 203-998-0403 * Listen to the Enterprise Java Newscast: *http:// <http://blogs.jsfcentral.com/JSFNewscast/>enterprisejavanews.com <http://ww.enterprisejavanews.com>* On Mon, Nov 23, 2015 at 11:42 PM, Jojada Tirtowidjojo <[email protected]> wrote: > I have tried in both Firefox and IE and got the same behavior. > I have also tried to specifically set an entry 'localhost' in the Chrome > 'Manage Exceptions' setting. This is because the webapp url is just at > http://localhost:<port>/. > Setting cookie domain to 'localhost' also does not make any difference. > > I am now wondering if this has something to do with my login page or other > configurations. > The login page is as below: > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" " > http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > <html xmlns="http://www.w3.org/1999/xhtml"; > xmlns:ui="http://java.sun.com/jsf/facelets"; > xmlns:h="http://java.sun.com/jsf/html"; > xmlns:f="http://java.sun.com/jsf/core"; > xmlns:t="http://myfaces.apache.org/tomahawk";> > <f:view> > <f:loadBundle basename="queryClient_en_AU" var="qry"/> > <ui:composition template="/template/main.xhtml"> > <ui:define name="main"> > <div align="center"> > > <t:div styleClass="errorDiv" > rendered="#{utilsBean.hasMessage('loginerror')}"> > <h:message id="loginerror" for="loginerror" > styleClass="errorStyle"/> > </t:div> > > <h:form> > <t:panelGrid id="login" columns="3"> > <h:outputLabel for="Username" value="Username"/> > <h:inputText id="Username" styleClass="logstyle" value="#{ > user.name}" > size="20" required="true"/> > <h:message for="Username" styleClass="errorText"/> > > <h:outputLabel for="Username" value="Password"/> > <h:inputSecret id="pass" styleClass="logstyle" size="20" > value="#{user.password}" required="true"/> > > <h:commandButton id="idlog" value="Login" > action="#{user.login}" styleClass="logbutton"/> > </t:panelGrid> > </h:form> > </div> > </ui:define> > </ui:composition> > </f:view> > </html> > > Any thought ? > > > On Tue, Nov 24, 2015 at 2:58 PM, Kito Mann <[email protected]> wrote: > >> Hmmm... it does look like a browser issue. If you click Manage Exceptions >> for cookies in Chrome, is this site listed? Have you tried with another >> browser? >> >> ___ >> >> Kito D. Mann | @kito99 | Author, JSF in Action >> Web Components, Polymer, JSF, PrimeFaces, Java EE, and Liferay training >> and consulting >> Virtua, Inc. | http://www.virtua.com | >> http://www.JSFCentral.com | @jsfcentral >> +1 203-998-0403 >> >> * Listen to the Enterprise Java Newscast: *http:// >> <http://blogs.jsfcentral.com/JSFNewscast/>enterprisejavanews.com >> <http://ww.enterprisejavanews.com>* >> >> >> On Mon, Nov 23, 2015 at 10:53 PM, Jojada Tirtowidjojo <[email protected]> >> wrote: >> >>> Just giving more info. >>> >>> The ViewExpiredException is caused by the missing >>> SerializedViewCollection object in the session as the code execution >>> reaches line 338 of the ServerSideStateCacheImpl class >>> >>> protected Object getSerializedViewFromServletSession(FacesContext >>> context, String viewId, Object sequence) >>> { >>> ExternalContext externalContext = context.getExternalContext(); >>> Map<Object, Object> attributeMap = context.getAttributes(); >>> Object serializedView = null; >>> if >>> (attributeMap.containsKey(RESTORED_SERIALIZED_VIEW_REQUEST_ATTR)) >>> { >>> serializedView = >>> attributeMap.get(RESTORED_SERIALIZED_VIEW_REQUEST_ATTR); >>> } >>> else >>> { >>> 338: SerializedViewCollection viewCollection = >>> (SerializedViewCollection) externalContext >>> .getSessionMap().get(SERIALIZED_VIEW_SESSION_ATTR); >>> if (viewCollection != null) >>> { >>> if (sequence != null) >>> { >>> Object state = viewCollection.get( >>> >>> getSessionViewStorageFactory().createSerializedViewKey( >>> context, viewId, sequence)); >>> if (state != null) >>> { >>> serializedView = deserializeView(state); >>> } >>> } >>> } >>> attributeMap.put(RESTORED_SERIALIZED_VIEW_REQUEST_ATTR, >>> serializedView); >>> >>> Could this possibly be caused by the cookie session setting that isn't >>> working correctly ? >>> >>> The cookie setting in my web.xml is: >>> <session-config> >>> <session-timeout>240</session-timeout> >>> <cookie-config> >>> <http-only>true</http-only> >>> <secure>true</secure> >>> </cookie-config> >>> <tracking-mode>COOKIE</tracking-mode> >>> </session-config> >>> >>> When I first visit the login page, the Http Response Headers from the >>> server is >>> >>> 1. HTTP/1.1 200 OK Date: Tue, 24 Nov 2015 02:24:22 GMT Set-Cookie: >>> JSESSIONID=11cp2c2bxz66fgyqfso1mrcgw;Path=/TeraTextRS;Secure;HttpOnly >>> Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Type: >>> text/html;charset=utf-8 Transfer-Encoding: chunked Server: >>> Jetty(9.3.6.v20151106) >>> >>> I can see the 'Set-Cookie' header is set by the server. >>> However, when I submit the login form, the Http Request Headers from the >>> client is: >>> >>> 1. POST /TeraTextRS/pages/login.rs HTTP/1.1 Host: localhost:7620 >>> Connection: keep-alive Content-Length: 157 Cache-Control: max-age=0 >>> Accept: >>> >>> text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 >>> Origin: http://localhost:7620 Upgrade-Insecure-Requests: 1 >>> User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 >>> (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36 Content-Type: >>> application/x-www-form-urlencoded DNT: 1 Referer: >>> http://localhost:7620/TeraTextRS/pages/login.rs >>> Accept-Encoding >>> <http://localhost:7620/TeraTextRS/pages/login.rsAccept-Encoding>: >>> gzip, deflate Accept-Language: en-US,en;q=0.8 >>> >>> There isn't 'Cookie' header in the request. >>> The client is Chrome and I have already set its Cookies setting to >>> 'Allow local data to be set'. >>> >>> The fact that the request header does not have 'Cookie' header set has >>> bothered me. >>> >>> Your help is very much appreciated. >>> >>> Jo.- >>> >>> On Tue, Nov 24, 2015 at 2:33 PM, Jojada Tirtowidjojo <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> >>>> I am new to JSF and Myfaces and need answers or pointers that can help >>>> me fix the problem I am currently having. Would you please help ? >>>> >>>> My application embeds a Jetty 9.3.6 server and uses the Apache MyFaces >>>> 2.2.8. It runs well with the Jetty default session tracking modes: URL and >>>> COOKIE but a problem arises when I change the tracking mode to 'COOKIE' >>>> only. As soon as I submit login details from the login page I receive the >>>> following exception: >>>> >>>> javax.faces.application.ViewExpiredException: /pages/login.rs - No saved >>>> view state could be found for the view identifier: /pages/login.rs >>>> at >>>> org.apache.myfaces.lifecycle.RestoreViewExecutor.execute(RestoreViewExecutor.java:183) >>>> at >>>> org.apache.myfaces.lifecycle.LifecycleImpl.executePhase(LifecycleImpl.java:196) >>>> at >>>> org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:143) >>>> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:198) >>>> at >>>> org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821) >>>> at >>>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685) >>>> at >>>> org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:357) >>>> at >>>> org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) >>>> at >>>> org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581) >>>> at >>>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) >>>> at >>>> org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548) >>>> at >>>> org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) >>>> at >>>> org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158) >>>> at >>>> org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511) >>>> at >>>> org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) >>>> at >>>> org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090) >>>> at >>>> org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) >>>> at >>>> org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109) >>>> at >>>> org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119) >>>> at org.eclipse.jetty.server.Server.handle(Server.java:517) >>>> at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:308) >>>> at >>>> org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242) >>>> at >>>> org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261) >>>> at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) >>>> at >>>> org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75) >>>> at >>>> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213) >>>> at >>>> org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147) >>>> at >>>> org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654) >>>> at >>>> org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572) >>>> at java.lang.Thread.run(Thread.java:745) >>>> >>>> Tracing the Myfaces code suggests that the previously saved >>>> SerializedViewCollection object in the servlet session, somehow, has gone >>>> missing during an attempt to restore the login view. >>>> >>>> Any comment, answer, and/or pointer is very much appreciated. >>>> >>>> Cheers, >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>> >> >
