Can you explain how you are generating your redirect url in step 3?
To properly generate a non-SSL redirect to your login page from an SSL request, you should use something like this:
IEngineService service = cycle.getEngine().getService(Tapestry.PAGE_SERVICE);
ILink link = service.getLink(cycle, cycle.getPage(), new Object[] { "Account" });
throw new RedirectException(link.getAbsoluteURL("http", null, "80", null, true));
Paul
Rob Bugh wrote:
Hi All,
Has anyone delt with this problem before? If so, I could use some hand-holding. I'm having a problem during logon of my Tapestry application after a session timeout. Here is the scenario that I use to recreate the problem. I realize there is much detail missing here but I'm not sure where else to begin. I'll provide more detail as needed.
0. Using Tapestry 3.0.1 and Tomcat 5
1. I browse to my Home page and let the browser sit until the session times out
2. Click on the logon button, PageRedirect (using https) to the Logon page
3. Fill in the name and password and hit enter. At this point I see from debug messages that the user is authenticated, their credentials are stuffed into the Visit object, and a RedirectException (using http) is thrown to send the user to the Account page.
4. The pageValidate() method of the Account page complains, however, that the Visit object is null (using the (Visit)getEngine().getVisit() api) and redirects the user back to the Home page.
If I immediately try this scenario again logon succeeds and the Account page is displayed. The problem appears to be related to the fact that I started with a timed out session. I tried tracing through the Tapestry code to see what was going on and as best as I could determine, when the failure occurs, the session is not being preserved from step 3 to 4, i.e., no session exists when the doGet() method of ApplicationServlet is called for step 4. This leads to a new engine being created which explains why the Visit object was null in the pageValidate() call in step 4.
Your thoughs are appreciated.
Thanks, Rob
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
