I'm gonna check that out... I will let you know.
g.

On Fri, Sep 25, 2009 at 3:06 PM, Susanne Schneider wrote:

> Hi Gustavo,
>
> is the login method itself a direct action? I vaguely remember that we
> once considered handling the login by a direct action and came across the
> same problem. Although it is more comfortable for the user to handle the
> login by a direct action (no timeout of the login page), this was the blocker
> for us. So we returned to a normal component handling of the login. For
> better user experience the logout leads to a sessionless logout page with a
> link to the session-creating login page.
>
> Maybe that's your problem too?
> Susanne
>
> Gustavo Pizano wrote:
>
>>
>> I had just overwritten it, and placed an NSLog, to see if it was being
>> called, but I didn't see the Log.
>>
>> When I hit the back button I go back to the page I was on before with a new
>> sessionID.
>>
>>    We use the direct action request handler as a default to avoid
>>    unnecessary session creation. But a session in itself is nothing bad,
>>    so why do you worry about it at all? If you rely on a user connected
>>    to a session, then you should check the user existence before
>>    returning any sensible data.
>>
>> In the Session is where I check the request and ask for the fields
>> userName and password, then I try to authenticate; if there is no such
>> user I return an exception and show the warning box in the login page.
>> What I really don't understand is why, even though I see that the session
>> created by logging in is terminated when logging out, when I go back I
>> create a new session but I don't have to type the userName and password
>> again; the request has those fields already.
>>
>> G.
>>
>>
>>
>>    Regards,
>>    Susanne
>>
>>    Gustavo Pizano wrote:
>>
>>        Susanne Hi.
>>
>>
>>        Mmm nope, this method is not being called when backing the
>>        browser. I have realized that in the NSLog I placed in
>>        createSessionForRequest, I'm showing the sessionID, and when
>>        backing the browser, it's creating a new one... this is weird,
>>        I would have said it was because there was one open session
>>        from before the login action.
>>
>>
>>        :'(:'(
>>
>>
>>        G.
>>
>>
>>        On Fri, Sep 25, 2009 at 2:24 PM, Susanne Schneider wrote:
>>
>>           Hi Gustavo,
>>
>>           hmm, returning to the application and not returning into the
>>           terminated session should cause no problems. As you cannot
>>           prohibit the browser from sending any stale request (from the
>>           terminated session) you should have implemented the
>>           "handleSessionRestorationErrorInContext" from the application
>>           class to forward the browser to your main entrance page (with
>>           maybe a session timeout notice).
>>
>>
>>           Regards,
>>           Susanne
>>
>>           Gustavo Pizano wrote:
>>
>>               Susanne hello.
>>
>>
>>               In fact I came to the office just now also and I hadn't
>>               tried to implement the log out again... my LogOut WOComponent
>>               only has a <label> tag that says Log out Successfully, that's
>>               it, I have nothing else, so I'm not having any component with
>>               actions or such a thing, but backing the browser will return
>>               me to the application... I'm trying to figure out first if
>>               it's because of the problem I'm having that 2 sessions are
>>               being created, one when the app launches and the other one
>>               when the user logs in, and when I log out, the session that
>>               terminates is the one that was created when the user logged
>>               in, so I'm supposing the one that is allowing me to go back
>>               in the browser is the other one. I'm trying to get rid of it.
>>
>>               I will let  you know how it went.
>>
>>               G.
>>
>>               On Fri, Sep 25, 2009 at 2:04 PM, Susanne Schneider wrote:
>>
>>                  Hi Gustavo,
>>
>>                  sorry for the delay, I wasn't in the office yesterday.
>>                  Maybe you solved your problem already?
>>
>>                  So I suppose the difference between your approach and ours
>>                  is that you are working with two custom components:
>>                  1) page with the logout-link
>>                  2) page with the logout-message from the direct action
>>
>>                  and we are using three components:
>>                  1) page with logout link to return page 2
>>                  2) unshown page for terminating session with the posted
>>                  appendToResponse method (this is more or less a
>>                  handwritten WORedirect)
>>                  3) page with logout-message from direct action
>>
>>                  I think the direct action is completely OK. If you do not
>>                  include any stateful components, as already mentioned,
>>                  there shall be no session. Otherwise there should be a
>>                  fresh session created. The possibility to return to the
>>                  former session by browser-back is a security issue
>>                  which indicates that the old session has not been
>>                  terminated. I would suspect that the WORedirect preserves
>>                  the session from terminating.
>>
>>                  Regards,
>>                  Susanne
>>
>>                  Gustavo Pizano wrote:
>>
>>                      Susanne. Thanks so much,
>>
>>                      I will apply your method to my project and see what
>>                      happens... One question.
>>
>>
>>                      Is my DirectAction good? I mean, as you saw I'm using
>>                      the pageWithName() method, and I read that using that
>>                      I'm referencing the old session... I have confusion
>>                      here.
>>
>>                      Also I must override the appendToResponse method in
>>                      the LogOut WOComponent, isn't it?
>>
>>                      Thx.
>>
>>                      Gustavo
>>
>>                      On Sep 24, 2009, at 5:48 PM, Susanne Schneider wrote:
>>
>>                          Hi Gustavo,
>>
>>                          this is what we are doing to logout:
>>
>>                          1) the logout link returns a logout-page without
>>                          any real surface where the appendToResponse is
>>                          overwritten to terminate the session and to
>>                          redirect to a "you logged out successfully" page.
>>                          The method is:
>>
>>                          public void appendToResponse(WOResponse response, WOContext context) {
>>                              // necessary?
>>                              super.appendToResponse(response, context);
>>                              // finish session
>>                              session().logout();
>>                              session().terminate();
>>                              // redirect to the session-less "logout" direct action
>>                              String redirectURL = context.request().adaptorPrefix() + "/"
>>                                  + context.request().applicationName() + ".woa/wa/logout";
>>                              response.setStatus(302);
>>                              // WOMessage.setHeader takes the value first, then the header name
>>                              response.setHeader(redirectURL, "location");
>>                              response.setHeader("0", "content-length");
>>                          }
>>
>>                          2) The DirectAction "logoutAction" returns a
>>                          stateless page with the logout hint. If you want to
>>                          avoid creating a session on this page make sure
>>                          that you do not touch anything that needs a
>>                          session. This is especially true for any form
>>                          elements or component-action-links.
>>
>>                          HTH,
>>                          Susanne
>>                          --
>>                          Susanne Schneider
>>                          Coordinator secuTrial Development
>>
>>                          iAS interActive Systems GmbH
>>                          Dieffenbachstraße 33 c, D-10967 Berlin
>>
>>                          fon    +49(0)30 22 50 50 - 498
>>                          fax    +49(0)30 22 50 50 - 451
>>                          mail   [email protected]
>>                          web    http://www.interActive-Systems.de
>>
>>                          ----------------------------------------------------
>>                          Managing directors: Dr. Marko Reschke, Thomas Fritzsche
>>                          Registered office: Berlin
>>                          Amtsgericht Berlin Charlottenburg, HRB 106103B
>>                          ----------------------------------------------------
>
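
The session-restoration handler suggested in the thread, written out as an added example that is not part of the original messages or of either poster's project. The `Application` class name, the `main` direct action used as the entrance page and the `timeout` query key are assumptions.

```java
import com.webobjects.appserver.WOApplication;
import com.webobjects.appserver.WOContext;
import com.webobjects.appserver.WOResponse;
import com.webobjects.foundation.NSDictionary;

// Hypothetical WOApplication subclass; the "main" direct action and the
// "timeout" query key are assumptions made for this sketch.
public class Application extends WOApplication {

    public static void main(String[] argv) {
        WOApplication.main(argv, Application.class);
    }

    // WebObjects calls this when a request names a session it cannot restore,
    // e.g. a URL from a terminated session replayed via the back button.
    @Override
    public WOResponse handleSessionRestorationErrorInContext(WOContext context) {
        // Flag for the entrance page so it can show a "session ended" notice.
        NSDictionary<String, Object> query =
            new NSDictionary<String, Object>("1", "timeout");
        String entranceURL = context.directActionURLForActionNamed("main", query);

        // Same hand-written redirect as in the quoted appendToResponse;
        // WOMessage.setHeader takes the value first, then the header name.
        WOResponse response = new WOResponse();
        response.setStatus(302);
        response.setHeader(entranceURL, "location");
        response.setHeader("0", "content-length");
        // Keep the browser from caching the redirect itself.
        response.disableClientCaching();
        return response;
    }
}
```

The entrance page reached this way should stay free of form elements and component actions if it is meant to be served without creating a session, as described in the thread.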