>I spoke too soon... I still have redirection problems.

I'm -1 on this patch - keeping track of session IDs is unnecessary - this is
what the servlet container does.

Having said that there is a problem with my changes to add
"/redirected/true" to the URL when redirecting, as has been spotted by
several people. The problem comes about when the URL with the
/redirected/true wart is used to initialise Turbine, either because it was
bookmarked or because the page gets refreshed after the servlet container
has restarted. In this case the code in Turbine.java spots the redirected
wart and because the session is new flags an infinite redirect error
condition.

However the wart is still needed as browsers don't like it if you redirect
them to a URL identical to the current URL, even if we know that second time
around we will respond differently because the session will no longer be
new. (This doesn't work obviously if the wart is already there in the
original URL, even if our infinite redirect checking code in Turbine.java is
removed as per this patch).

So after having thought about the problem a little more I suggest retaining
the code as is (previous to this suggested patch) but adding a second
redirect from the URL with the redirected/true wart back to the
original URL. This means that in practice the user will never see the URL
with the redirected/true wart and any bookmarking/refreshing will be of the
original URL. Thus the request after the first redirect serves the
purpose of allowing us to check the integrity of the servlet container's
session persistence mechanism, and the request after the second redirect
serves up the first page.

This pseudo-code in Turbine.java will do it (I'm currently on holiday in
South Africa so can't really write and test the code right now):

if parameters contain redirected=true
{
    if session is new
    {
        throw infinite redirect error
    }
    else
    {
        construct a new URL copying everything except the redirected parameter
        redirect to this new URL
    }
}
else
{
    if session is new and session validator wants a session
    {
        construct a new URL copying every parameter and adding redirected=true as pathinfo
        redirect to this new URL
    }
}


This will, I strongly believe, solve all the problems that are being
reported. It does however mean adding an additional redirect into the
initial sequence of requests so two more +1s are needed to go ahead with
this. If I get them I'll implement and test the code after the 10th of
January when I'll be back in the UK. Unless anyone gets there first of
course :-)

--
Sean Legassick
[EMAIL PROTECTED]
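
The two-redirect sequence from the pseudo-code above, as an added, self-contained Java example (not part of the original message and not Turbine's own code). The class, the method names and the sample pathinfo are hypothetical, and it assumes the pathinfo consists only of key/value segment pairs.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration of the proposed logic; every name here is hypothetical.
public class RedirectCheck {
    static final String KEY = "redirected";
    static final String VALUE = "true";

    // Split pathinfo into its non-empty segments (assumed key/value pairs).
    static List<String> segments(String pathInfo) {
        List<String> out = new ArrayList<>();
        if (pathInfo != null) {
            for (String s : pathInfo.split("/")) {
                if (!s.isEmpty()) out.add(s);
            }
        }
        return out;
    }

    // Position of the redirected/true pair, or -1 when it is absent.
    static int wartIndex(List<String> segs) {
        for (int i = 0; i + 1 < segs.size(); i += 2) {
            if (segs.get(i).equals(KEY) && segs.get(i + 1).equals(VALUE)) return i;
        }
        return -1;
    }

    static String decide(String pathInfo, boolean sessionIsNew, boolean wantsSession) {
        List<String> segs = segments(pathInfo);
        int i = wartIndex(segs);
        if (i >= 0) {
            // Wart present but no session survived the first redirect.
            if (sessionIsNew) return "ERROR infinite redirect";
            segs.remove(i + 1);   // drop the value, then the key
            segs.remove(i);
            return "REDIRECT /" + String.join("/", segs);   // second redirect
        }
        if (sessionIsNew && wantsSession) {
            segs.add(KEY);
            segs.add(VALUE);
            return "REDIRECT /" + String.join("/", segs);   // first redirect
        }
        return "SERVE";
    }

    public static void main(String[] args) {
        String p = "/screen/Index";   // constructed sample pathinfo
        System.out.println(decide(p, true, true));                        // first request
        System.out.println(decide(p + "/redirected/true", false, true)); // session persisted
        System.out.println(decide(p, false, true));                       // page is served
        System.out.println(decide(p + "/redirected/true", true, true));  // wart with a new session
    }
}
```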




