Hi Chirag,
Am 16.09.2009 um 11:09 schrieb Chirag Patel:
> I am using qooxdoo v0.8.2
> I need to refresh session after logout. To achieve this I am using
> Rpc.refreshSession() method.
> However, it seems that this method is not working. I copied few
> lines of from method refreshSession().
> refreshSession : function(handler)
> {
> if (this.getCrossDomain())
> {
> if (qx.core.ServerSettings &&
> qx.core.ServerSettings.serverPathSuffix)
> {
> var timeDiff =
> (new Date()).getTime() -
> qx.core.ServerSettings.lastSessionRefresh;
> ................................
> ................................
> }
> else
> {
> handler(false); // no refresh possible, but would
> be necessary
> }
> }
> else
> {
> handler(true); // session refresh was OK (in this
> case: not needed)
> }
> }
>
>
> As per the code the method refreshSession() refreshes session only
> if the method getCrossDomain() returns true.
This is a bug. Could you please create a Bugzilla entry?
> In most cases we will not have cross domain calls so is the case
> with my application.
>
> How can I refresh session without setting attribute crossDomain to
> true?
>
> As a work around I am explicitly calling remote method
> "refreshSession" just like any other remote method using
> Rpc.callSync() method and execute the function returned by the
> method. It works as expected.
>
> PS: Even after setting crossDomain to true, my session is not
> getting refreshed.
"Refresh" in the RPC class doesn't mean what you apparently think it
does. The session refresh code performs the following actions:
1.) Check if the session id that is currently used is still valid.
2.) If not, get a new session id from the server (which may or may not
be the same as the old one).
The purpose is to re-establish a session when it has (or may have)
timed out. Without a refresh, the old id would be used forever. If the
session has already timed out, the server would create a new session
for _every new request_ (because the id is no longer valid).
Of course you can also handle that case in a different way in your
application. refreshSession is simply intended as a helper method that
you can use. For example, you can call it before every RPC call. Or if
you want to keep the session alive, even without user activity, call
it on regular intervals. But you can't use refreshSession for logging
out/invalidating the current session.
For login/logout functionality, you should write corresponding RPC
server methods. In the logout method, remove all user-related data
from the session (username, data loaded by the user, etc). Or if you
really need to completely invalidate the session, call
session.invalidate(). In this case, you have to let the client know
that the old session is no longer valid, either by reloading the page
programmatically (so that .qxrpc is freshly loaded) or by performing
the following:
qx.core.ServerSettings.sessionTimeoutInSeconds = 0;
// to mark the session as expired on the client
myRpcInstance.refreshSession(handler);
You can also delay the call to refreshSession() until the next server
call, thus avoiding the creation of a new session that might not be
used anyway (if the user closes the browser after logout).
Regards,
Andreas J.
------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
qooxdoo-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/qooxdoo-devel
