Hi all,
I'm now back in the UK from holiday so have had time to look properly at
the question of handling the redirect when a user hits the
Turbine servlet for the first time.
I've implemented the strategy I outlined in my previous mail, and it
works quite nicely. Put simply the sequence goes (assuming that the
session validator wants a new session, and that the session handling is
working):
Request 1: Session is new, Turbine redirects to the request URL adding
"redirected/true" to the URL
Request 2: "redirected/true" is spotted, the session is now not new,
Turbine redirects back to the original URL (i.e. the request
URL with "redirected/true" removed).
Request 3: No "redirected/true", and the session is not new so the
request gets processed as per normal.
The advantages are that infinite redirect is spotted properly, the
browser never complains about a redirect to the same URL, and the URL
that the user sees in the Location bar is clean (i.e. no redirected/true
wart visible).
I need 2 more +1s (and no -1s) to commit the patch as it does involve
adding an extra redirect to the first request by a user...
Sean
Index: Turbine.java
===================================================================
RCS file: /products/cvs/turbine/turbine/src/java/org/apache/turbine/Turbine.java,v
retrieving revision 1.34
diff -u -r1.34 Turbine.java
--- Turbine.java 2001/01/06 01:36:12 1.34
+++ Turbine.java 2001/01/17 17:25:49
@@ -146,6 +146,12 @@
public static final String PROPERTIES_PATH_DEFAULT =
"/WEB-INF/conf/TurbineResources.properties";
/**
+ * Name of path info parameter used to indicate the redirected stage of
+ * a given user's initial Turbine request
+ */
+ public static final String REDIRECTED_PATHINFO_NAME = "redirected";
+
+ /**
* Servlet initialization parameter name for the path to
* the root of the web application, used by
* {@link
org.apache.turbine.util.ServletUtils#expandRelative(ServletConfig,String)}
@@ -277,46 +283,74 @@
.getInstance()
.getInstance(TurbineResources
.getString("action.sessionvalidator") );
-
- // Insist that the client starts a session before access
- // to data is allowed. this is done by redirecting them to
- // the "screen.homepage" page but you could have them go
- // to any page as a starter (ie: the homepage)
- // "data.getResponse()" represents the HTTP servlet
- // response.
- if ( sessionValidator.requiresNewSession(data) &&
- data.getSession().isNew() )
- {
- DynamicURI duri = new DynamicURI (data, true);
-
- // Pass on the sent data in pathinfo.
- for (Enumeration e = data.getParameters().keys() ;
- e.hasMoreElements() ;)
- {
- String key = (String) e.nextElement();
- String value =
- (String) data.getParameters().getString ( key );
- duri.addPathInfo((String)key, (String)value );
- }
- // add a dummy bit of path info to fool browser into thinking
- // this is a new URL
- if (data.getParameters().getString("redirected") == null)
- {
- duri.addPathInfo("redirected", "true");
- }
- // if the redirected param was already there then we've been
- // round this once already :-(
- else
+ // if this is the redirected stage of the initial request, check that
+ // the session is now not new. If it is not, then redirect back to the
+ // original URL (i.e. remove the "redirected" pathinfo)
+ if (data.getParameters().getString(REDIRECTED_PATHINFO_NAME, "false")
+ .equals("true"))
+ {
+ if (data.getSession().isNew())
{
String message = "Infinite redirect detected...";
log(message);
Log.error(message);
throw new Exception(message);
}
+ else
+ {
+ DynamicURI duri = new DynamicURI (data, true);
- data.getResponse().sendRedirect( duri.toString() );
- return;
+ // Pass on the sent data in pathinfo.
+ for (Enumeration e = data.getParameters().keys() ;
+ e.hasMoreElements() ;)
+ {
+ String key = (String) e.nextElement();
+ if (!key.equals(REDIRECTED_PATHINFO_NAME))
+ {
+ String value =
+ (String) data.getParameters().getString ( key );
+ duri.addPathInfo((String)key, (String)value );
+ }
+ }
+
+ data.getResponse().sendRedirect( duri.toString() );
+ return;
+ }
+ }
+ else
+ {
+ // Insist that the client starts a session before access
+ // to data is allowed. this is done by redirecting them to
+ // the "screen.homepage" page but you could have them go
+ // to any page as a starter (ie: the homepage)
+ // "data.getResponse()" represents the HTTP servlet
+ // response.
+ if ( sessionValidator.requiresNewSession(data) &&
+ data.getSession().isNew() )
+ {
+ DynamicURI duri = new DynamicURI (data, true);
+
+ // Pass on the sent data in pathinfo.
+ for (Enumeration e = data.getParameters().keys() ;
+ e.hasMoreElements() ;)
+ {
+ String key = (String) e.nextElement();
+ String value =
+ (String) data.getParameters().getString ( key );
+ duri.addPathInfo((String)key, (String)value );
+ }
+
+ // add a dummy bit of path info to fool browser into thinking
+ // this is a new URL
+ if (!data.getParameters().containsKey(REDIRECTED_PATHINFO_NAME))
+ {
+ duri.addPathInfo(REDIRECTED_PATHINFO_NAME, "true");
+ }
+
+ data.getResponse().sendRedirect( duri.toString() );
+ return;
+ }
}
// Fill in the screen and action variables.
--
Sean Legassick
[EMAIL PROTECTED]
Czlowiekiem jestem i nic co ludzkie nie jest mi obce
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
