I had just overwritten it and placed an NSLog to see if it was being called, but I didn't see the log. When I hit the back button I go back to the page I was on before, with a new sessionID.

> We use the direct action request handler as a default to avoid unnecessary
> session creation. But a session in itself is nothing bad, so why do you
> worry about it at all? If you rely on a user connected to a session, then
> you should check the user existence before returning any sensible data.
>

In the Session is where I check the request and ask for the fields userName and password, then I try to authenticate; if there is no such user I return an exception and show the warning box in the login page. What I really don't understand is why, even though I see that the session created by logging in is terminated when logging out, when I go back I create a new session but I don't have to type the userName and password again; the request has those fields already.

G.

> Regards,
> Susanne
>
> Gustavo Pizano wrote:
>
>> Susanne, hi.
>>
>> Mmm, nope, this method is not being called when backing the browser. I
>> have realized that in the NSLog I placed in createSessionForRequest, I'm
>> showing the sessionID, and when backing the browser, it's creating a new
>> one... this is weird, I would have said it was because there was one open
>> session from before the login action.
>>
>> :'(:'(
>>
>> G.
>>
>> On Fri, Sep 25, 2009 at 2:24 PM, Susanne Schneider <[email protected]> wrote:
>>
>> Hi Gustavo,
>>
>> hmm, returning to the application and not returning into the
>> terminated session should cause no problems. As you could not
>> prohibit the browser from sending any stale request (from the terminated
>> session) you should have implemented the
>> "handleSessionRestorationErrorInContext" from the application class
>> to forward the browser to your main entrance page (with maybe a
>> session timeout notice).
>>
>> Regards,
>> Susanne
>>
>> Gustavo Pizano wrote:
>>
>> Susanne, hello.
>>
>> In fact I came to the office just now also and I hadn't tried to
>> implement the log out again.. my LogOut WOComponent only has a
>> <label> tag that says Log out Successfully, that's it, I have
>> nothing else, so I'm not having any component with actions or
>> such a thing. But backing the browser will return me to the
>> application... I'm trying to figure out first if it's because of
>> the problem I'm having that 2 sessions are being created, one
>> when the app launches and the other one when the user logs in, and
>> when I log out, the session that terminates is the one that was
>> created when the user logged in, so I'm supposing the one that is
>> allowing me to go back on the browser is the other one. I'm
>> trying to get rid of it.
>>
>> I will let you know how it went.
>>
>> G.
>>
>> On Fri, Sep 25, 2009 at 2:04 PM, Susanne Schneider <[email protected]> wrote:
>>
>> Hi Gustavo,
>>
>> sorry for the delay, I wasn't in the office yesterday. Maybe you
>> solved your problem already?
>>
>> So I suppose the difference between your and our approach is that
>> you are working with two custom components:
>> 1) page with the logout-link
>> 2) page with the logout-message from the direct action
>>
>> and we are using three components:
>> 1) page with logout link to return page 2
>> 2) unshown page for terminating session with the posted
>>    appendToResponse method (this is more or less a handwritten
>>    WORedirect)
>> 3) page with logout-message from direct action
>>
>> I think the direct action is completely ok. If you do not include any
>> stateful components as already mentioned there shall be no session.
>> Otherwise there should be a fresh session created. The possibility
>> to return to former session by browser-back is a security issue
>> which indicates that the old session has not been terminated. I
>> would suspect that the WORedirect preserves the session from
>> terminating.
>>
>> Regards,
>> Susanne
>>
>> Gustavo Pizano wrote:
>>
>> Susanne.
>> Thanks so much,
>>
>> I will apply your method to my project and see what happens...
>> One question.
>>
>> Is my DirectAction good? I mean, as you saw I'm using the
>> pageWithName() method, and I read that using that I'm referencing
>> the old session... I have confusion here.
>>
>> Also I must override the appendToResponse method in the LogOut
>> WOComponent, isn't it?
>>
>> Thx.
>>
>> Gustavo
>>
>> On Sep 24, 2009, at 5:48 PM, Susanne Schneider wrote:
>>
>> Hi Gustavo,
>>
>> this is what we are doing to logout:
>>
>> 1) the logout link returns a logout-page without any real
>> surface where the appendToResponse is overwritten to
>> terminate the session and to redirect to a "you logged out
>> successfully" page. The method is:
>>
>> public void appendToResponse(WOResponse response, WOContext context) {
>>     // necessary?
>>     super.appendToResponse(response, context);
>>     // finish session
>>     session().logout();
>>     session().terminate();
>>     // redirect
>>     String redirectURL = context.request().adaptorPrefix()
>>         + "/" + context.request().applicationName() + ".woa/wa/logout";
>>     response.setStatus(302);
>>     response.setHeader(redirectURL, "location");
>>     response.setHeader("0", "content-length");
>> }
>>
>> 2) The DirectAction "logoutAction" returns a stateless page
>> with the logout hint. If you want to avoid creating a
>> session on this page make sure that you do not touch
>> anything that needs a session. This is especially true for
>> any form elements or component-action-links.
>>
>> HTH,
>> Susanne
>> --
>> Susanne Schneider
>> Coordinator secuTrial Development
>>
>> iAS interActive Systems GmbH
>> Dieffenbachstraße 33 c, D-10967 Berlin
>>
>> phone +49(0)30 22 50 50 - 498
>> fax +49(0)30 22 50 50 - 451
>> mail [email protected]
>> web http://www.interActive-Systems.de
>>
>> ----------------------------------------------------
>> Managing directors: Dr. Marko Reschke, Thomas Fritzsche
>> Registered office: Berlin
>> Amtsgericht Berlin Charlottenburg, HRB 106103B
>> ----------------------------------------------------

Webobjects-dev mailing list ([email protected])
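
The replay described in the thread, where the browser's back button re-sends a login request that still carries userName and password, can be refused with a single-use token embedded in the login form. This is an added example, not code from the thread or from WebObjects; `LoginTokenStore`, its methods, the five-minute lifetime and the sample credentials are hypothetical.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper (not a WebObjects class): single-use tokens for the login form.
public class LoginTokenStore {
    private static final Duration TTL = Duration.ofMinutes(5); // assumed lifetime
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Instant> issued = new ConcurrentHashMap<>();

    // Call when rendering the login page; put the result in a hidden form field.
    public String issue() {
        Instant now = Instant.now();
        issued.values().removeIf(expiry -> now.isAfter(expiry)); // drop unused, expired tokens
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        issued.put(token, now.plus(TTL));
        return token;
    }

    // True only for the first, unexpired use of a token this store issued.
    public boolean consume(String token) {
        if (token == null) return false;
        Instant expiry = issued.remove(token); // atomic: a replayed token finds nothing
        return expiry != null && Instant.now().isBefore(expiry);
    }

    // Credentials are only evaluated when the form post carries a fresh token.
    public boolean login(String token, String userName, String password) {
        if (!consume(token)) return false; // replayed or stale form post
        return authenticate(userName, password);
    }

    // Stand-in for the application's real user lookup (constructed credentials).
    private boolean authenticate(String userName, String password) {
        return "demo".equals(userName) && "constructed-password".equals(password);
    }

    public static void main(String[] args) {
        LoginTokenStore store = new LoginTokenStore();
        String token = store.issue();
        System.out.println("first submit: " + store.login(token, "demo", "constructed-password"));
        // Browser "back" after logout re-sends the identical POST, token included.
        System.out.println("replayed submit: " + store.login(token, "demo", "constructed-password"));
    }
}
```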
