[Wicket-user] Session management
Hi I was wondering how wicket maintains its session state. We are currently working on a crossbrowser application, where our application(wicket) lives within an Iframe. If we hit refresh on the page, wicket looses its session id. As far as I can see wicket does store the session id in a cookie? Regards Nino - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Session management
On 28.8.2006, at 10.53, Nino Wael wrote: Hi I was wondering how wicket maintains it’s session state. We are currently working on a crossbrowser application, where our application(wicket) lives within an Iframe. If we hit refresh on the page, wicket looses its session id. As far as I can see wicket does store the session id in a cookie?Wicket has nothing to do with this, it uses normal servlet container for session management. Servlet spec states there have to be cookies and session id parameter for fallback. So, yes, the session id is stored in a cookie.Janne- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Session management
That was what I thought, I do know that wicket is not the bad guy hereJ Whats the default timeout on the cookie? Or am I barking up the wrong leg? .regards Nino From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janne Hietamäki Sent: 28. august 2006 09:56 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management On 28.8.2006, at 10.53, Nino Wael wrote: Hi I was wondering how wicket maintains its session state. We are currently working on a crossbrowser application, where our application(wicket) lives within an Iframe. If we hit refresh on the page, wicket looses its session id. As far as I can see wicket does store the session id in a cookie? Wicket has nothing to do with this, it uses normal servlet container for session management. Servlet spec states there have to be cookies and session id parameter for fallback. So, yes, the session id is stored in a cookie. Janne - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Session management
Session cookie expires when browser is shut down, but on the server side the default is 30 minutes. This can be altered in the web.xml by adding something like this:session-config session-timeout60/session-timeout/session-configJanneOn 28.8.2006, at 11.00, Nino Wael wrote: That was what I thought, I do know that wicket is not the bad guy hereJ Whats the default timeout on the cookie? Or am I barking up the wrong leg? .regards Nino From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Janne Hietamäki Sent: 28. august 2006 09:56 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management On 28.8.2006, at 10.53, Nino Wael wrote:Hi I was wondering how wicket maintains it’s session state. We are currently working on a crossbrowser application, where our application(wicket) lives within an Iframe. If we hit refresh on the page, wicket looses its session id. As far as I can see wicket does store the session id in a cookie? Wicket has nothing to do with this, it uses normal servlet container for session management. Servlet spec states there have to be cookies and session id parameter for fallback. So, yes, the session id is stored in a cookie. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Session management
Ahh, wasnt sure if you used something special. We use both mounted urls and url parameters, im wondering if this could give us the problem so for example we could have a link like this: http://Server/viewer/overblik/Y03 where this is the raw page http://server/viewer and parameters are overblik and Y03. the whole lot are set as the source of the IFRAME, could any of this break the session id? Regards Nino From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janne Hietamäki Sent: 28. august 2006 10:06 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management Session cookie expires when browser is shut down, but on the server side the default is 30 minutes. This can be altered in the web.xml by adding something like this: session-config session-timeout60/session-timeout /session-config Janne On 28.8.2006, at 11.00, Nino Wael wrote: That was what I thought, I do know that wicket is not the bad guy hereJ Whats the default timeout on the cookie? Or am I barking up the wrong leg? .regards Nino From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Janne Hietamäki Sent: 28. august 2006 09:56 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management On 28.8.2006, at 10.53, Nino Wael wrote: Hi I was wondering how wicket maintains its session state. We are currently working on a crossbrowser application, where our application(wicket) lives within an Iframe. If we hit refresh on the page, wicket looses its session id. As far as I can see wicket does store the session id in a cookie? Wicket has nothing to do with this, it uses normal servlet container for session management. Servlet spec states there have to be cookies and session id parameter for fallback. So, yes, the session id is stored in a cookie. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Session management
What kind of problems do you really have? May be you should check this http://www.wicket-wiki.org.uk/wiki/index.php/Using_framesJanneOn 28.8.2006, at 11.23, Nino Wael wrote: Ahh, wasnt sure if you used something special. We use both mounted urls and url parameters, im wondering if this could give us the problem so for example we could have a link like this: http://Server/viewer/overblik/Y03 where this is the raw page http://server/viewer and parameters are overblik and Y03. the whole lot are set as the source of the IFRAME, could any of this break the session id? Regards Nino From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Janne Hietamäki Sent: 28. august 2006 10:06 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management Session cookie expires when browser is shut down, but on the server side the default is 30 minutes. This can be altered in the web.xml by adding something like this: session-config session-timeout60/session-timeout /session-config Janne On 28.8.2006, at 11.00, Nino Wael wrote:That was what I thought, I do know that wicket is not the bad guy hereJ Whats the default timeout on the cookie? Or am I barking up the wrong leg? .regards Nino From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Janne Hietamäki Sent: 28. august 2006 09:56 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management On 28.8.2006, at 10.53, Nino Wael wrote: Hi I was wondering how wicket maintains it’s session state. We are currently working on a crossbrowser application, where our application(wicket) lives within an Iframe. If we hit refresh on the page, wicket looses its session id. As far as I can see wicket does store the session id in a cookie? Wicket has nothing to do with this, it uses normal servlet container for session management. Servlet spec states there have to be cookies and session id parameter for fallback. So, yes, the session id is stored in a cookie. -Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easierDownload IBM WebSphere Application Server v.1.0.1 based on Apache Geronimohttp://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___Wicket-user mailing listWicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user Janne HietamäkiTeknologiajohtajaOy Cemron AbOsoite:Kehräsaari33200 Tamperehttp://www.cemron.fipuh. +358 40 724 7680[EMAIL PROTECTED] - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Session management
Our problem is that every time you hit the refresh, wicket apparently looses track of session. And creates a new sessionid. The above is not so critical in it self, yet. But we have to create authentication, so the user can login if user wants to. I've tested the above with a simple html page on my laptop linking directly to our base page without being mounted or having parameters encapsuled in the url, this if working just fine. So im thinking that it could either be the way that the other vendor generates the iframe to wicket that causes this or it might be the encapsulation of parameters that does it or a combination? regards Nino -Oprindelig meddelelse- Fra: [EMAIL PROTECTED] på vegne af Janne Hietamäki Sendt: ma 28-08-2006 10:34 Til: wicket-user@lists.sourceforge.net Cc: Emne: Re: [Wicket-user] Session management What kind of problems do you really have? May be you should check this http://www.wicket-wiki.org.uk/wiki/index.php/Using_frames Janne On 28.8.2006, at 11.23, Nino Wael wrote: Ahh, wasnt sure if you used something special. We use both mounted urls and url parameters, im wondering if this could give us the problem so for example we could have a link like this: http://Server/viewer/overblik/Y03 where this is the raw page http://server/viewer and parameters are overblik and Y03. the whole lot are set as the source of the IFRAME, could any of this break the session id? Regards Nino _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janne Hietamäki Sent: 28. august 2006 10:06 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management Session cookie expires when browser is shut down, but on the server side the default is 30 minutes. This can be altered in the web.xml by adding something like this: session-config session-timeout60/session-timeout /session-config Janne On 28.8.2006, at 11.00, Nino Wael wrote: That was what I thought, I do know that wicket is not the bad guy here:-) Whats the default timeout on the cookie? Or am I barking up the wrong leg? .regards Nino _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janne Hietamäki Sent: 28. august 2006 09:56 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management On 28.8.2006, at 10.53, Nino Wael wrote: Hi I was wondering how wicket maintains it’s session state. We are currently working on a crossbrowser application, where our application(wicket) lives within an Iframe. If we hit refresh on the page, wicket looses its session id. As far as I can see wicket does store the session id in a cookie? Wicket has nothing to do with this, it uses normal servlet container for session management. Servlet spec states there have to be cookies and session id parameter for fallback. So, yes, the session id is stored in a cookie. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user Janne Hietamäki Teknologiajohtaja Oy Cemron Ab Osoite: Kehräsaari 33200 Tampere http://www.cemron.fi http://www.cemron.fi/ puh. 40 724 7680 [EMAIL PROTECTED] winmail.dat
Re: [Wicket-user] Session management
you could use the FireFox plugin Tamper Data and look what is sent to wicket.See if the session cookie is sent to the server yes or no.johanOn 8/28/06, Nino Wael [EMAIL PROTECTED] wrote: Our problem is that every time you hit the refresh, wicket apparently looses track of session. And creates a new sessionid.The above is not so critical in it self, yet. But we have to create authentication, so the user can login if user wants to. I've tested the above with a simple html page on my laptop linking directly to our base page without being mounted or having parameters encapsuled in the url, this if working just fine. So im thinking that it could either be the way that the other vendor generates the iframe to wicket that causes this or it might be the encapsulation of parameters that does it or a combination?regards Nino -Oprindelig meddelelse-Fra: [EMAIL PROTECTED] på vegne af Janne HietamäkiSendt: ma 28-08-2006 10:34 Til: wicket-user@lists.sourceforge.netCc:Emne: Re: [Wicket-user] Session managementWhat kind of problems do you really have? May be you should check this http://www.wicket-wiki.org.uk/wiki/index.php/Using_framesJanneOn 28.8.2006, at 11.23, Nino Wael wrote:Ahh, wasnt sure if you used something special. We use both mounted urls and url parameters, im wondering if this could give us the problem so for example we could have a link like this: http://Server/viewer/overblik/Y03where this is the raw page http://server/viewer and parameters are overblik and Y03. the whole lot are set as the source of the IFRAME, could any of this break the session id? Regards Nino_From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Janne HietamäkiSent: 28. august 2006 10:06To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session managementSession cookie expires when browser is shut down, but on the server side the default is 30 minutes. This can be altered in the web.xml by adding something like this:session-configsession-timeout60/session-timeout/session-config JanneOn 28.8.2006, at 11.00, Nino Wael wrote:That was what I thought, I do know that wicket is not the bad guy here:-) Whats the default timeout on the cookie? Or am I barking up the wrong leg?.regards Nino_From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Janne HietamäkiSent: 28. august 2006 09:56 To: wicket-user@lists.sourceforge.netSubject: Re: [Wicket-user] Session managementOn 28.8.2006 , at 10.53, Nino Wael wrote:HiI was wondering how wicket maintains it's session state. We are currently working on a crossbrowser application, where our application(wicket) lives within an Iframe. If we hit refresh on the page, wicket looses its session id. As far as I can see wicket does store the session id in a cookie? Wicket has nothing to do with this, it uses normal servlet container for session management. Servlet spec states there have to be cookies and session id parameter for fallback. So, yes, the session id is stored in a cookie. -Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easierDownload IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___Wicket-user mailing list Wicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-userJanne Hietamäki TeknologiajohtajaOy Cemron AbOsoite:Kehräsaari33200 Tamperehttp://www.cemron.fi http://www.cemron.fi/puh. 40 724 7680[EMAIL PROTECTED]- Using Tomcat but need to do more? Need to support web services, security?Get stuff done quickly with pre-integrated technology to make your job easierDownload IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing listWicket-user@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Session management
Im using Paros, trying out the plugin for firefox. But as far as I can see Wicket asks to set a new session(initial page): http://img181.imageshack.us/my.php?image=session1pq3.jpg second hit: http://img245.imageshack.us/img245/8315/session2vh3.jpg regards Nino From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johan Compagner Sent: 28. august 2006 10:49 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management you could use the FireFox plugin Tamper Data and look what is sent to wicket. See if the session cookie is sent to the server yes or no. johan On 8/28/06, Nino Wael [EMAIL PROTECTED] wrote: Our problem is that every time you hit the refresh, wicket apparently looses track of session. And creates a new sessionid. The above is not so critical in it self, yet. But we have to create authentication, so the user can login if user wants to. I've tested the above with a simple html page on my laptop linking directly to our base page without being mounted or having parameters encapsuled in the url, this if working just fine. So im thinking that it could either be the way that the other vendor generates the iframe to wicket that causes this or it might be the encapsulation of parameters that does it or a combination? regards Nino -Oprindelig meddelelse- Fra: [EMAIL PROTECTED] på vegne af Janne Hietamäki Sendt: ma 28-08-2006 10:34 Til: wicket-user@lists.sourceforge.net Cc: Emne: Re: [Wicket-user] Session management What kind of problems do you really have? May be you should check this http://www.wicket-wiki.org.uk/wiki/index.php/Using_frames Janne On 28.8.2006, at 11.23, Nino Wael wrote: Ahh, wasnt sure if you used something special. We use both mounted urls and url parameters, im wondering if this could give us the problem so for example we could have a link like this: http://Server/viewer/overblik/Y03 where this is the raw page http://server/viewer and parameters are overblik and Y03. the whole lot are set as the source of the IFRAME, could any of this break the session id? Regards Nino _ From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Janne Hietamäki Sent: 28. august 2006 10:06 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management Session cookie expires when browser is shut down, but on the server side the default is 30 minutes. This can be altered in the web.xml by adding something like this: session-config session-timeout60/session-timeout /session-config Janne On 28.8.2006, at 11.00, Nino Wael wrote: That was what I thought, I do know that wicket is not the bad guy here:-) Whats the default timeout on the cookie? Or am I barking up the wrong leg? .regards Nino _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Janne Hietamäki Sent: 28. august 2006 09:56 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management On 28.8.2006 , at 10.53, Nino Wael wrote: Hi I was wondering how wicket maintains it's session state. We are currently working on a crossbrowser application, where our application(wicket) lives within an Iframe. If we hit refresh on the page, wicket looses its session id. As far as I can see wicket does store the session id in a cookie? Wicket has nothing to do with this, it uses normal servlet container for session management. Servlet spec states there have to be cookies and session id parameter for fallback. So, yes, the session id is stored in a cookie. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user Janne Hietamäki Teknologiajohtaja Oy Cemron Ab Osoite: Kehräsaari 33200 Tampere http://www.cemron.fi http://www.cemron.fi/ puh. 40 724 7680 [EMAIL PROTECTED] - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642
Re: [Wicket-user] Session management
This migth be a stupid question but does getPageMap().clear(); clear the session aswell? Regards Nino From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nino Wael Sent: 28. august 2006 11:04 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management Im using Paros, trying out the plugin for firefox. But as far as I can see Wicket asks to set a new session(initial page): http://img181.imageshack.us/my.php?image=session1pq3.jpg second hit: http://img245.imageshack.us/img245/8315/session2vh3.jpg regards Nino From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johan Compagner Sent: 28. august 2006 10:49 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management you could use the FireFox plugin Tamper Data and look what is sent to wicket. See if the session cookie is sent to the server yes or no. johan On 8/28/06, Nino Wael [EMAIL PROTECTED] wrote: Our problem is that every time you hit the refresh, wicket apparently looses track of session. And creates a new sessionid. The above is not so critical in it self, yet. But we have to create authentication, so the user can login if user wants to. I've tested the above with a simple html page on my laptop linking directly to our base page without being mounted or having parameters encapsuled in the url, this if working just fine. So im thinking that it could either be the way that the other vendor generates the iframe to wicket that causes this or it might be the encapsulation of parameters that does it or a combination? regards Nino -Oprindelig meddelelse- Fra: [EMAIL PROTECTED] på vegne af Janne Hietamäki Sendt: ma 28-08-2006 10:34 Til: wicket-user@lists.sourceforge.net Cc: Emne: Re: [Wicket-user] Session management What kind of problems do you really have? May be you should check this http://www.wicket-wiki.org.uk/wiki/index.php/Using_frames Janne On 28.8.2006, at 11.23, Nino Wael wrote: Ahh, wasnt sure if you used something special. We use both mounted urls and url parameters, im wondering if this could give us the problem so for example we could have a link like this: http://Server/viewer/overblik/Y03 where this is the raw page http://server/viewer and parameters are overblik and Y03. the whole lot are set as the source of the IFRAME, could any of this break the session id? Regards Nino _ From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Janne Hietamäki Sent: 28. august 2006 10:06 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management Session cookie expires when browser is shut down, but on the server side the default is 30 minutes. This can be altered in the web.xml by adding something like this: session-config session-timeout60/session-timeout /session-config Janne On 28.8.2006, at 11.00, Nino Wael wrote: That was what I thought, I do know that wicket is not the bad guy here:-) Whats the default timeout on the cookie? Or am I barking up the wrong leg? .regards Nino _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Janne Hietamäki Sent: 28. august 2006 09:56 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management On 28.8.2006 , at 10.53, Nino Wael wrote: Hi I was wondering how wicket maintains it's session state. We are currently working on a crossbrowser application, where our application(wicket) lives within an Iframe. If we hit refresh on the page, wicket looses its session id. As far as I can see wicket does store the session id in a cookie? Wicket has nothing to do with this, it uses normal servlet container for session management. Servlet spec states there have to be cookies and session id parameter for fallback. So, yes, the session id is stored in a cookie. - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user Janne Hietamäki Teknologiajohtaja Oy Cemron Ab Osoite: Kehräsaari 33200 Tampere http://www.cemron.fi http://www.cemron.fi/ puh. 40 724 7680 [EMAIL PROTECTED
Re: [Wicket-user] Session management
If the page and the iframe content does not originate from the same server the browser security settings can cause the cookies are not accepted. For example on firefox setting Preferences/Privacy/Cookies/ for the originating site only should not be set. If the cookie is set, the Cookie-header is sent on every request going to the server and you should see it on Paros. Janne On 28.8.2006, at 11.46, Nino Wael wrote: Our problem is that every time you hit the refresh, wicket apparently looses track of session. And creates a new sessionid. The above is not so critical in it self, yet. But we have to create authentication, so the user can login if user wants to. I've tested the above with a simple html page on my laptop linking directly to our base page without being mounted or having parameters encapsuled in the url, this if working just fine. So im thinking that it could either be the way that the other vendor generates the iframe to wicket that causes this or it might be the encapsulation of parameters that does it or a combination? regards Nino -Oprindelig meddelelse- Fra: [EMAIL PROTECTED] på vegne af Janne Hietamäki Sendt: ma 28-08-2006 10:34 Til: wicket-user@lists.sourceforge.net Cc: Emne: Re: [Wicket-user] Session management What kind of problems do you really have? May be you should check this http://www.wicket-wiki.org.uk/wiki/index.php/Using_frames Janne On 28.8.2006, at 11.23, Nino Wael wrote: Ahh, wasnt sure if you used something special. We use both mounted urls and url parameters, im wondering if this could give us the problem so for example we could have a link like this: http://Server/viewer/overblik/Y03 where this is the raw page http://server/viewer and parameters are overblik and Y03. the whole lot are set as the source of the IFRAME, could any of this break the session id? Regards Nino _ From: [EMAIL PROTECTED] [mailto:wicket- [EMAIL PROTECTED] On Behalf Of Janne Hietamäki Sent: 28. august 2006 10:06 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management Session cookie expires when browser is shut down, but on the server side the default is 30 minutes. This can be altered in the web.xml by adding something like this: session-config session-timeout60/session-timeout /session-config Janne On 28.8.2006, at 11.00, Nino Wael wrote: That was what I thought, I do know that wicket is not the bad guy here:-) Whats the default timeout on the cookie? Or am I barking up the wrong leg? .regards Nino - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Session management
why dont you disable cookies in web.xml and rely on url rewriting then??? Regards, Korbinian -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Nino Wael Gesendet: Montag, 28. August 2006 15:32 An: wicket-user@lists.sourceforge.net Betreff: Re: [Wicket-user] Session management I see the problem, as a default firefox actually allows 3rd party cookies. But we are targeting IE 6(SP2) which does not by default allow 3rd party cookies. Thanks for your mail. Regards Nino -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janne Hietamäki Sent: 28. august 2006 13:17 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management If the page and the iframe content does not originate from the same server the browser security settings can cause the cookies are not accepted. For example on firefox setting Preferences/Privacy/Cookies/ for the originating site only should not be set. If the cookie is set, the Cookie-header is sent on every request going to the server and you should see it on Paros. Janne On 28.8.2006, at 11.46, Nino Wael wrote: Our problem is that every time you hit the refresh, wicket apparently looses track of session. And creates a new sessionid. The above is not so critical in it self, yet. But we have to create authentication, so the user can login if user wants to. I've tested the above with a simple html page on my laptop linking directly to our base page without being mounted or having parameters encapsuled in the url, this if working just fine. So im thinking that it could either be the way that the other vendor generates the iframe to wicket that causes this or it might be the encapsulation of parameters that does it or a combination? regards Nino -Oprindelig meddelelse- Fra: [EMAIL PROTECTED] på vegne af Janne Hietamäki Sendt: ma 28-08-2006 10:34 Til: wicket-user@lists.sourceforge.net Cc: Emne: Re: [Wicket-user] Session management What kind of problems do you really have? May be you should check this http://www.wicket-wiki.org.uk/wiki/index.php/Using_frames Janne On 28.8.2006, at 11.23, Nino Wael wrote: Ahh, wasnt sure if you used something special. We use both mounted urls and url parameters, im wondering if this could give us the problem so for example we could have a link like this: http://Server/viewer/overblik/Y03 where this is the raw page http://server/viewer and parameters are overblik and Y03. the whole lot are set as the source of the IFRAME, could any of this break the session id? Regards Nino _ From: [EMAIL PROTECTED] [mailto:wicket- [EMAIL PROTECTED] On Behalf Of Janne Hietamäki Sent: 28. august 2006 10:06 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management Session cookie expires when browser is shut down, but on the server side the default is 30 minutes. This can be altered in the web.xml by adding something like this: session-config session-timeout60/session-timeout /session-config Janne On 28.8.2006, at 11.00, Nino Wael wrote: That was what I thought, I do know that wicket is not the bad guy here:-) Whats the default timeout on the cookie? Or am I barking up the wrong leg? .regards Nino -- --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057; dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user -- --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057; dat=121642
Re: [Wicket-user] Session management
I see the problem, as a default firefox actually allows 3rd party cookies. But we are targeting IE 6(SP2) which does not by default allow 3rd party cookies. Thanks for your mail. Regards Nino -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janne Hietamäki Sent: 28. august 2006 13:17 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management If the page and the iframe content does not originate from the same server the browser security settings can cause the cookies are not accepted. For example on firefox setting Preferences/Privacy/Cookies/ for the originating site only should not be set. If the cookie is set, the Cookie-header is sent on every request going to the server and you should see it on Paros. Janne On 28.8.2006, at 11.46, Nino Wael wrote: Our problem is that every time you hit the refresh, wicket apparently looses track of session. And creates a new sessionid. The above is not so critical in it self, yet. But we have to create authentication, so the user can login if user wants to. I've tested the above with a simple html page on my laptop linking directly to our base page without being mounted or having parameters encapsuled in the url, this if working just fine. So im thinking that it could either be the way that the other vendor generates the iframe to wicket that causes this or it might be the encapsulation of parameters that does it or a combination? regards Nino -Oprindelig meddelelse- Fra: [EMAIL PROTECTED] på vegne af Janne Hietamäki Sendt: ma 28-08-2006 10:34 Til: wicket-user@lists.sourceforge.net Cc: Emne: Re: [Wicket-user] Session management What kind of problems do you really have? May be you should check this http://www.wicket-wiki.org.uk/wiki/index.php/Using_frames Janne On 28.8.2006, at 11.23, Nino Wael wrote: Ahh, wasnt sure if you used something special. We use both mounted urls and url parameters, im wondering if this could give us the problem so for example we could have a link like this: http://Server/viewer/overblik/Y03 where this is the raw page http://server/viewer and parameters are overblik and Y03. the whole lot are set as the source of the IFRAME, could any of this break the session id? Regards Nino _ From: [EMAIL PROTECTED] [mailto:wicket- [EMAIL PROTECTED] On Behalf Of Janne Hietamäki Sent: 28. august 2006 10:06 To: wicket-user@lists.sourceforge.net Subject: Re: [Wicket-user] Session management Session cookie expires when browser is shut down, but on the server side the default is 30 minutes. This can be altered in the web.xml by adding something like this: session-config session-timeout60/session-timeout /session-config Janne On 28.8.2006, at 11.00, Nino Wael wrote: That was what I thought, I do know that wicket is not the bad guy here:-) Whats the default timeout on the cookie? Or am I barking up the wrong leg? .regards Nino - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user - Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnkkid=120709bid=263057dat=121642 ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] session management
Ok, this worked ok. Now i have a question, what kind of verification should i do on checkAccess(), and if i inherits AuthenticatedWebPage, what that do to my pages??
Re: [Wicket-user] session management
any kind of verification you want. thats your business logic. you have access to the session so you can pull the user from that.-IgorOn 11/26/05, Manuel Corrales [EMAIL PROTECTED] wrote: Ok, this worked ok. Now i have a question, what kind of verification should i do on checkAccess(), and if i inherits AuthenticatedWebPage, what that do to my pages??
Re: [Wicket-user] session management
I have this session: public final class UserSession extends WebSession { private Usuario user; /** * Constructor. * @param app */ public UserSession(Application app) { super(app); } /** * * @return true si existe un usuario logeado. */ public boolean isSignedIn() { if (user == null) return false; return true; } /** * * @return el nombre del usuario logeado. */ public Usuario getUser() { return user; } /** * @param user * New user */ public void setUser(Usuario user) { this.user = user; } } I have the sessionFactory on the application and then on the submit method i do: UserSession us = (UserSession)getSession(); us.setUser(usuario); setResponsePage(new Bienvenido()); where usuario is an model object i get from database. Is this right? On 11/21/05, Igor Vaynberg [EMAIL PROTECTED] wrote: On 11/21/05, Manuel Corrales [EMAIL PROTECTED] wrote: Hi, i've asked this question once but dont get a solution. So here i go again:Sorry, must've missed it. I have some clues about stateful beans and stateless beans but not too much. What i need is that when a user logins, create an object and that that object exists during the user session (to logout). Now i think this is easy to do with a app server, but all i have is tomcat and wicket. Is there a way of achieve this?This is easy to do w/out an application server. all you have to do is put the object into user's servlet-container session. It will remain there until you close the session on user's behalf (users clicks log out link) or the session times out. This is a general solution that will work in any servlet-container environment. A problem with this approach is that the session is just a map, so you always have to cast the object when you pull it out. Wicket builds on top of the servlet container's session by allowing you to use type-safe semantics. look at WebSession object in wicket and ISessionFactory. By providing your own ISessionFactory you can create your own subclass of WebSession which can have a getter/setter method for your object. Whenever the object is there, simply call the setter in the websession and the object will remain there across requests. Use the getter to pull it back out. Here is an example implementation:public class PhonebookApplication extends HibernateApplication { private final ISessionFactory sessionFactory=new ISessionFactory() { public wicket.Session newSession() { return new PhonebookSession(PhonebookApplication.this); } }; protected ISessionFactory getSessionFactory() { return sessionFactory; } }Here PhonebookSession is a custom session subclass public class PhonebookSession extends WebSessionYou can get to session by creating a utility class in your page subclass that looks like this:public class BasePage extends WebPage { public PhonebookSession getMySession() { return (PhonebookSession)getSession()); } Another related question is: How can i forbid access to a non loged user? If you are using 1.1 check out the Page.checkAccess() method. This method is called before rendering of any page. Here you do the check and if the user is not logged in redirect them to a login page. See Sign-in example for both solutions. Let me know if you need more help.-Igor
Re: [Wicket-user] session management
Looks right-IgorOn 11/22/05, Manuel Corrales [EMAIL PROTECTED] wrote: I have this session: public final class UserSession extends WebSession { private Usuario user; /** * Constructor. * @param app */ public UserSession(Application app) { super(app); } /** * * @return true si existe un usuario logeado. */ public boolean isSignedIn() { if (user == null) return false; return true; } /** * * @return el nombre del usuario logeado. */ public Usuario getUser() { return user; } /** * @param user * New user */ public void setUser(Usuario user) { this.user = user; } } I have the sessionFactory on the application and then on the submit method i do: UserSession us = (UserSession)getSession(); us.setUser(usuario); setResponsePage(new Bienvenido()); where usuario is an model object i get from database. Is this right? On 11/21/05, Igor Vaynberg [EMAIL PROTECTED] wrote: On 11/21/05, Manuel Corrales [EMAIL PROTECTED] wrote: Hi, i've asked this question once but dont get a solution. So here i go again:Sorry, must've missed it. I have some clues about stateful beans and stateless beans but not too much. What i need is that when a user logins, create an object and that that object exists during the user session (to logout). Now i think this is easy to do with a app server, but all i have is tomcat and wicket. Is there a way of achieve this?This is easy to do w/out an application server. all you have to do is put the object into user's servlet-container session. It will remain there until you close the session on user's behalf (users clicks log out link) or the session times out. This is a general solution that will work in any servlet-container environment. A problem with this approach is that the session is just a map, so you always have to cast the object when you pull it out. Wicket builds on top of the servlet container's session by allowing you to use type-safe semantics. look at WebSession object in wicket and ISessionFactory. By providing your own ISessionFactory you can create your own subclass of WebSession which can have a getter/setter method for your object. Whenever the object is there, simply call the setter in the websession and the object will remain there across requests. Use the getter to pull it back out. Here is an example implementation:public class PhonebookApplication extends HibernateApplication { private final ISessionFactory sessionFactory=new ISessionFactory() { public wicket.Session newSession() { return new PhonebookSession(PhonebookApplication.this); } }; protected ISessionFactory getSessionFactory() { return sessionFactory; } }Here PhonebookSession is a custom session subclass public class PhonebookSession extends WebSessionYou can get to session by creating a utility class in your page subclass that looks like this:public class BasePage extends WebPage { public PhonebookSession getMySession() { return (PhonebookSession)getSession()); } Another related question is: How can i forbid access to a non loged user? If you are using 1.1 check out the Page.checkAccess() method. This method is called before rendering of any page. Here you do the check and if the user is not logged in redirect them to a login page. See Sign-in example for both solutions. Let me know if you need more help.-Igor
[Wicket-user] session management
Hi, i've asked this question once but dont get a solution. So here i go again: I have some clues about stateful beans and stateless beans but not too much. What i need is that when a user logins, create an object and that that object exists during the user session (to logout). Now i think this is easy to do with a app server, but all i have is tomcat and wicket. Is there a way of achieve this? Another related question is: How can i forbid access to a non loged user? Thanks very much.
Re: [Wicket-user] session management
You could best take a look at the sign-in example of wicket-examples. It has a custom session - which can be used to store information you want to keep during the whole user session - and it has an example of how to prevent access/ redirect to a login page for a non logged on user. Eelco On 11/21/05, Manuel Corrales [EMAIL PROTECTED] wrote: Hi, i've asked this question once but dont get a solution. So here i go again: I have some clues about stateful beans and stateless beans but not too much. What i need is that when a user logins, create an object and that that object exists during the user session (to logout). Now i think this is easy to do with a app server, but all i have is tomcat and wicket. Is there a way of achieve this? Another related question is: How can i forbid access to a non loged user? Thanks very much. --- This SF.Net email is sponsored by the JBoss Inc. Get Certified Today Register for a JBoss Training Course. Free Certification Exam for All Training Attendees Through End of 2005. For more info visit: http://ads.osdn.com/?ad_idv28alloc_id845op=click ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] session management
On 11/21/05, Manuel Corrales [EMAIL PROTECTED] wrote: Hi, i've asked this question once but dont get a solution. So here i go again:Sorry, must've missed it. I have some clues about stateful beans and stateless beans but not too much. What i need is that when a user logins, create an object and that that object exists during the user session (to logout). Now i think this is easy to do with a app server, but all i have is tomcat and wicket. Is there a way of achieve this?This is easy to do w/out an application server. all you have to do is put the object into user's servlet-container session. It will remain there until you close the session on user's behalf (users clicks log out link) or the session times out. This is a general solution that will work in any servlet-container environment. A problem with this approach is that the session is just a map, so you always have to cast the object when you pull it out. Wicket builds on top of the servlet container's session by allowing you to use type-safe semantics. look at WebSession object in wicket and ISessionFactory. By providing your own ISessionFactory you can create your own subclass of WebSession which can have a getter/setter method for your object. Whenever the object is there, simply call the setter in the websession and the object will remain there across requests. Use the getter to pull it back out. Here is an example implementation:public class PhonebookApplication extends HibernateApplication { private final ISessionFactory sessionFactory=new ISessionFactory() { public wicket.Session newSession() { return new PhonebookSession(PhonebookApplication.this); } }; protected ISessionFactory getSessionFactory() { return sessionFactory; } }Here PhonebookSession is a custom session subclass public class PhonebookSession extends WebSessionYou can get to session by creating a utility class in your page subclass that looks like this:public class BasePage extends WebPage { public PhonebookSession getMySession() { return (PhonebookSession)getSession()); } Another related question is: How can i forbid access to a non loged user? If you are using 1.1 check out the Page.checkAccess() method. This method is called before rendering of any page. Here you do the check and if the user is not logged in redirect them to a login page. See Sign-in example for both solutions. Let me know if you need more help.-Igor
[Wicket-user] Session Management
Hi all! How can i set wicket to only use URL-Rewriting for sessions rather than cookies no matter if the browser supports cookies or not? Thanx, Dave --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user
Re: [Wicket-user] Session Management
That is not a matter of Wicket (Struts, Webwork). You have to configure the servlet container (jetty, tomcat, etc) Juergen On 8/7/05, David Liebeherr [EMAIL PROTECTED] wrote: Hi all! How can i set wicket to only use URL-Rewriting for sessions rather than cookies no matter if the browser supports cookies or not? Thanx, Dave --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user --- SF.Net email is Sponsored by the Better Software Conference EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile Plan-Driven Development * Managing Projects Teams * Testing QA Security * Process Improvement Measurement * http://www.sqe.com/bsce5sf ___ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user