Re: WebSession issue - Netbeans & Glassfish

2009-09-24 Thread VGJ
I see.  So, if I follow you, I should be OK.  The http-to-https switch
happens after the user has chosen some items and added them to the SFSB,
which would have already been created and added to the session.  The user
doesn't return to http again until the order is completed and the session is
cleared.

Am I correct?

Thanks!

On Thu, Sep 24, 2009 at 11:44 AM, Igor Vaynberg wrote:

> not really sure what is happening, but one thing to keep in mind is:
>
> when accessing an application over https a cookie that holds the
> session id is marked as secure and is not available to following
> requests if they are over http.
>
> so if the user creates the session over an https request that session
> will essentially be invisible to users over http. this may or may not
> be what is happening to you. if your user enters your app over https
> there is not much you can do, unless you can override container
> environment and stop it from marking the session as secure - which is
> a potential security vulnerability. if your user enters your app over
> http then an easy fix is to create a session right away, that way
> https cookie will hold the same session id.
>
> -igor
>
> On Thu, Sep 24, 2009 at 10:39 AM, VGJ  wrote:
> > I've got a very strange problem with WebSession objects becoming null
> > (suddenly ending) while debugging in Netbeans, using Glassfish as an app
> > server.  I'm using Wicket 1.3.2 and do not have the option of upgrading to
> > the latest version on this project right now.
> >
> > I've got an e-commerce app that switches to https during the checkout
> > process.  If I'm not in debug mode in Netbeans, this works properly and the
> > session persists from one page to the next after using a redirect, like so:
> >
> >      getRequestCycle().setRedirect(false);
> >      getRequestCycle().setRequestTarget(EmptyRequestTarget.getInstance());
> >      getResponse().redirect("https://site/secure-page");
> >
> > I pass a stateful session bean around the application, in the session, like
> > so:
> >
> > ShoppingCartLocal cart = ((UserSession)getSession()).getCart();
> >
> > My UserSession class looks like this:
> >
> > public class UserSession extends WebSession
> > {
> >    private User user;
> >    private ShoppingCartLocal  cart;
> >
> >    public UserSession(WebApplication application, Request request)
> >    {
> >        super(application, request);
> >    }
> >
> >    public User getUser()
> >    {
> >        return this.user;
> >    }
> >
> >    public void setUser(User user)
> >    {
> >        this.user = user;
> >        dirty();
> >    }
> >
> >    public boolean authenticated()
> >    {
> >        if (this.getUser() == null)
> >            return false;
> >        else
> >            return true;
> >    }
> >
> >    public ShoppingCartLocal getCart()
> >    {
> >        return this.cart;
> >    }
> >
> >    public void setCart(ShoppingCartLocal cart)
> >    {
> >        this.cart = cart;
> >        dirty();
> >    }
> > }
> >
> > If I'm debugging, the session becomes null after the redirect and throws a
> > NPE when I try accessing it (of course).  I get the following message:
> >
> > 141750 [httpSSLWorkerThread-8080-4] ERROR org.apache.wicket.RequestCycle - Can't instantiate page using constructor public com.myapp.UserAccount()
> > org.apache.wicket.WicketRuntimeException: Can't instantiate page using constructor public com.myapp.UserAccount()
> >        at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:168)
> >        at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:58)
> >        at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.newPage(BookmarkablePageRequestTarget.java:262)
> >        at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.getPage(BookmarkablePageRequestTarget.java:283)
> >        at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.processEvents(BookmarkablePageRequestTarget.java:210)
> >        at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:91)
> >        at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1166)
> >        at org.apache.wicket.RequestCycle.step(RequestCycle.java:1243)
> >        at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1330)
> >        at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
> >        at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:358)
> >        at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:194)
> >        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
> >        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
> >        at org.apache.catalina.core.StandardWrapperVal

Re: WebSession issue - Netbeans & Glassfish

2009-09-24 Thread Igor Vaynberg
not really sure what is happening, but one thing to keep in mind is:

when accessing an application over https a cookie that holds the
session id is marked as secure and is not available to following
requests if they are over http.

so if the user creates the session over an https request that session
will essentially be invisible to users over http. this may or may not
be what is happening to you. if your user enters your app over https
there is not much you can do, unless you can override container
environment and stop it from marking the session as secure - which is
a potential security vulnerability. if your user enters your app over
http then an easy fix is to create a session right away, that way
https cookie will hold the same session id.

-igor

On Thu, Sep 24, 2009 at 10:39 AM, VGJ  wrote:
> I've got a very strange problem with WebSession objects becoming null
> (suddenly ending) while debugging in Netbeans, using Glassfish as an app
> server.  I'm using Wicket 1.3.2 and do not have the option of upgrading to
> the latest version on this project right now.
>
> I've got an e-commerce app that switches to https during the checkout
> process.  If I'm not in debug mode in Netbeans, this works properly and the
> session persists from one page to the next after using a redirect, like so:
>
>      getRequestCycle().setRedirect(false);
>      getRequestCycle().setRequestTarget(EmptyRequestTarget.getInstance());
>      getResponse().redirect("https://site/secure-page");
>
> I pass a stateful session bean around the application, in the session, like
> so:
>
> ShoppingCartLocal cart = ((UserSession)getSession()).getCart();
>
> My UserSession class looks like this:
>
> public class UserSession extends WebSession
> {
>    private User user;
>    private ShoppingCartLocal  cart;
>
>    public UserSession(WebApplication application, Request request)
>    {
>        super(application, request);
>    }
>
>    public User getUser()
>    {
>        return this.user;
>    }
>
>    public void setUser(User user)
>    {
>        this.user = user;
>        dirty();
>    }
>
>    public boolean authenticated()
>    {
>        if (this.getUser() == null)
>            return false;
>        else
>            return true;
>    }
>
>    public ShoppingCartLocal getCart()
>    {
>        return this.cart;
>    }
>
>    public void setCart(ShoppingCartLocal cart)
>    {
>        this.cart = cart;
>        dirty();
>    }
> }
>
> If I'm debugging, the session becomes null after the redirect and throws a
> NPE when I try accessing it (of course).  I get the following message:
>
> 141750 [httpSSLWorkerThread-8080-4] ERROR org.apache.wicket.RequestCycle - Can't instantiate page using constructor public com.myapp.UserAccount()
> org.apache.wicket.WicketRuntimeException: Can't instantiate page using constructor public com.myapp.UserAccount()
>        at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:168)
>        at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:58)
>        at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.newPage(BookmarkablePageRequestTarget.java:262)
>        at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.getPage(BookmarkablePageRequestTarget.java:283)
>        at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.processEvents(BookmarkablePageRequestTarget.java:210)
>        at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:91)
>        at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1166)
>        at org.apache.wicket.RequestCycle.step(RequestCycle.java:1243)
>        at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1330)
>        at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
>        at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:358)
>        at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:194)
>        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
>        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
>        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
>        at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
>        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
>        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
>        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
>        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
>        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
>        at org.apache.catalina.core.Stan
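
The cookie behaviour described in the reply above, as an added example that is not part of the original thread: Python's `http.cookiejar` stands in for the browser, and the host `shop.example.com` and the session id are constructed values.

```python
import email
import http.cookiejar
import urllib.request

HOST = "shop.example.com"  # constructed host, not from the thread


class FakeResponse:
    """Minimal stand-in for an HTTP response carrying one Set-Cookie header."""

    def __init__(self, set_cookie):
        self._msg = email.message_from_string("Set-Cookie: %s\n\n" % set_cookie)

    def info(self):
        return self._msg


def cookie_sent(jar, url):
    """Return the Cookie header a client holding `jar` would send to `url`."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def simulate(first_scheme):
    """Create the session over `first_scheme`, then request a page on both schemes."""
    jar = http.cookiejar.CookieJar()
    # Constructed header: the container flags the session cookie Secure when
    # the session is created on an https request, and leaves it unflagged
    # when the session is created on an http request.
    header = "JSESSIONID=abc123; Path=/"
    if first_scheme == "https":
        header += "; Secure"
    first_request = urllib.request.Request("%s://%s/" % (first_scheme, HOST))
    jar.extract_cookies(FakeResponse(header), first_request)
    return {s: cookie_sent(jar, "%s://%s/cart" % (s, HOST)) for s in ("http", "https")}


if __name__ == "__main__":
    for scheme in ("https", "http"):
        print("session created over", scheme, "->", simulate(scheme))
```

In the http-first case the same session id is also sent over plain http, which is the exposure the Secure flag exists to prevent.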

WebSession issue - Netbeans & Glassfish

2009-09-24 Thread VGJ
I've got a very strange problem with WebSession objects becoming null
(suddenly ending) while debugging in Netbeans, using Glassfish as an app
server.  I'm using Wicket 1.3.2 and do not have the option of upgrading to
the latest version on this project right now.

I've got an e-commerce app that switches to https during the checkout
process.  If I'm not in debug mode in Netbeans, this works properly and the
session persists from one page to the next after using a redirect, like so:

  getRequestCycle().setRedirect(false);
  getRequestCycle().setRequestTarget(EmptyRequestTarget.getInstance());
  getResponse().redirect("https://site/secure-page");

I pass a stateful session bean around the application, in the session, like
so:

ShoppingCartLocal cart = ((UserSession)getSession()).getCart();

My UserSession class looks like this:

public class UserSession extends WebSession
{
    private User user;
    private ShoppingCartLocal  cart;

    public UserSession(WebApplication application, Request request)
    {
        super(application, request);
    }

    public User getUser()
    {
        return this.user;
    }

    public void setUser(User user)
    {
        this.user = user;
        dirty();
    }

    public boolean authenticated()
    {
        if (this.getUser() == null)
            return false;
        else
            return true;
    }

    public ShoppingCartLocal getCart()
    {
        return this.cart;
    }

    public void setCart(ShoppingCartLocal cart)
    {
        this.cart = cart;
        dirty();
    }
}

If I'm debugging, the session becomes null after the redirect and throws a
NPE when I try accessing it (of course).  I get the following message:

141750 [httpSSLWorkerThread-8080-4] ERROR org.apache.wicket.RequestCycle - Can't instantiate page using constructor public com.myapp.UserAccount()
org.apache.wicket.WicketRuntimeException: Can't instantiate page using constructor public com.myapp.UserAccount()
        at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:168)
        at org.apache.wicket.session.DefaultPageFactory.newPage(DefaultPageFactory.java:58)
        at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.newPage(BookmarkablePageRequestTarget.java:262)
        at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.getPage(BookmarkablePageRequestTarget.java:283)
        at org.apache.wicket.request.target.component.BookmarkablePageRequestTarget.processEvents(BookmarkablePageRequestTarget.java:210)
        at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:91)
        at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1166)
        at org.apache.wicket.RequestCycle.step(RequestCycle.java:1243)
        at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1330)
        at org.apache.wicket.RequestCycle.request(RequestCycle.java:493)
        at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:358)
        at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:194)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
        at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
        at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)