IMO, the current method is not THAT ugly (i.e. sticking the
redirect/true on the end of the request and leaving it.) I don't have
any voting power, but isn't one redirect enough? Over a slow
connection, it might get kinda' annoying.
Will Stranathan
Sean Legassick wrote:
> Hi all,
>
> I'm now back in the UK from holiday so have had time to look properly at
> the question of handling the redirect when a user hits the
> Turbine servlet for the first time.
>
> I've implemented the strategy I outlined in my previous mail, and it
> works quite nicely. Put simply the sequence goes (assuming that the
> session validator wants a new session, and that the session handling is
> working):
>
> Request 1: Session is new, Turbine redirects to the request URL adding
> "redirected/true" to the URL
>
> Request 2: "redirected/true" is spotted, the session is now not new,
> Turbine redirects back to the original URL (i.e. the request
> URL with "redirected/true" removed).
>
> Request 3: No "redirected/true", and the session is not new so the
> request gets processed as per normal.
>
> The advantages are that infinite redirect is spotted properly, the
> browser never complains about a redirect to the same URL, and the URL
> that the user sees in the Location bar is clean (i.e. no redirected/true
> wart visible).
>
> I need 2 more +1s (and no -1s) to commit the patch as it does involve
> adding an extra redirect to the first request by a user...
>
> Sean
>
>
> Index: Turbine.java
> ===================================================================
> RCS file: /products/cvs/turbine/turbine/src/java/org/apache/turbine/Turbine.java,v
> retrieving revision 1.34
> diff -u -r1.34 Turbine.java
> --- Turbine.java 2001/01/06 01:36:12 1.34
> +++ Turbine.java 2001/01/17 17:25:49
> @@ -146,6 +146,12 @@
> public static final String PROPERTIES_PATH_DEFAULT =
>"/WEB-INF/conf/TurbineResources.properties";
>
> /**
> + * Name of path info parameter used to indicate the redirected stage of
> + * a given user's initial Turbine request
> + */
> + public static final String REDIRECTED_PATHINFO_NAME = "redirected";
> +
> + /**
> * Servlet initialization parameter name for the path to
> * the root of the web application, used by
> * {@link
>org.apache.turbine.util.ServletUtils#expandRelative(ServletConfig,String)}
> @@ -277,46 +283,74 @@
> .getInstance()
> .getInstance(TurbineResources
> .getString("action.sessionvalidator") );
> -
> - // Insist that the client starts a session before access
> - // to data is allowed. this is done by redirecting them to
> - // the "screen.homepage" page but you could have them go
> - // to any page as a starter (ie: the homepage)
> - // "data.getResponse()" represents the HTTP servlet
> - // response.
> - if ( sessionValidator.requiresNewSession(data) &&
> - data.getSession().isNew() )
> - {
> - DynamicURI duri = new DynamicURI (data, true);
> -
> - // Pass on the sent data in pathinfo.
> - for (Enumeration e = data.getParameters().keys() ;
> - e.hasMoreElements() ;)
> - {
> - String key = (String) e.nextElement();
> - String value =
> - (String) data.getParameters().getString ( key );
> - duri.addPathInfo((String)key, (String)value );
> - }
>
> - // add a dummy bit of path info to fool browser into thinking
> - // this is a new URL
> - if (data.getParameters().getString("redirected") == null)
> - {
> - duri.addPathInfo("redirected", "true");
> - }
> - // if the redirected param was already there then we've been
> - // round this once already :-(
> - else
> + // if this is the redirected stage of the initial request, check that
> + // the session is now not new. If it is not, then redirect back to the
> + // original URL (i.e. remove the "redirected" pathinfo)
> + if (data.getParameters().getString(REDIRECTED_PATHINFO_NAME, "false")
> + .equals("true"))
> + {
> + if (data.getSession().isNew())
> {
> String message = "Infinite redirect detected...";
> log(message);
> Log.error(message);
> throw new Exception(message);
> }
> + else
> + {
> + DynamicURI duri = new DynamicURI (data, true);
>
> - data.getResponse().sendRedirect( duri.toString() );
> - return;
> + // Pass on the sent data in pathinfo.
> + for (Enumeration e = data.getParameters().keys() ;
> + e.hasMoreElements() ;)
> + {
> + String key = (String) e.nextElement();
> + if (!key.equals(REDIRECTED_PATHINFO_NAME))
> + {
> + String value =
> + (String) data.getParameters().getString ( key );
> + duri.addPathInfo((String)key, (String)value );
> + }
> + }
> +
> + data.getResponse().sendRedirect( duri.toString() );
> + return;
> + }
> + }
> + else
> + {
> + // Insist that the client starts a session before access
> + // to data is allowed. this is done by redirecting them to
> + // the "screen.homepage" page but you could have them go
> + // to any page as a starter (ie: the homepage)
> + // "data.getResponse()" represents the HTTP servlet
> + // response.
> + if ( sessionValidator.requiresNewSession(data) &&
> + data.getSession().isNew() )
> + {
> + DynamicURI duri = new DynamicURI (data, true);
> +
> + // Pass on the sent data in pathinfo.
> + for (Enumeration e = data.getParameters().keys() ;
> + e.hasMoreElements() ;)
> + {
> + String key = (String) e.nextElement();
> + String value =
> + (String) data.getParameters().getString ( key );
> + duri.addPathInfo((String)key, (String)value );
> + }
> +
> + // add a dummy bit of path info to fool browser into thinking
> + // this is a new URL
> + if (!data.getParameters().containsKey(REDIRECTED_PATHINFO_NAME))
> + {
> + duri.addPathInfo(REDIRECTED_PATHINFO_NAME, "true");
> + }
> +
> + data.getResponse().sendRedirect( duri.toString() );
> + return;
> + }
> }
>
> // Fill in the screen and action variables.
------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Search: <http://www.mail-archive.com/turbine%40list.working-dogs.com/>
Problems?: [EMAIL PROTECTED]
