SUSANNE, THANK YOU VERY MUCH. IT DID THE TRICK! When you say that you send a sessionless logout page with a link to the login page, in my case must I put the link to the LoginPage? I dunno if the way I have my logout page has no reference to the session; I think yes, because I'm returning it from a DirectAction with the pageWithName method.
Anyway, no more back button problem.

G.

On Fri, Sep 25, 2009 at 3:10 PM, Gustavo Pizano <[email protected]> wrote:

> I'm gonna check that out... I will let you know.
> g.
>
> On Fri, Sep 25, 2009 at 3:06 PM, Susanne Schneider <[email protected]> wrote:
>
>> Hi Gustavo,
>>
>> is the login method itself a direct action? I remember vaguely that we considered once handling the login by a direct action and came across the same problem. Although it is more comfortable for the user to handle the login by a direct action (no timeout of the login page) this was the blocker for us. So we returned to a normal component handling of the login. For better user experience the logout leads to a sessionless logout page with a link to the session-creating login page.
>>
>> Maybe that's your problem too?
>> Susanne
>>
>> Gustavo Pizano wrote:
>>
>>> I had just overwritten it, and placed an NSLog, to see if it was being called, but I didn't see the Log.
>>>
>>> When I hit the back button I go back to the page I was on before with a new sessionID.
>>>
>>> We use the direct action request handler as a default to avoid unnecessary session creation. But a session in itself is nothing bad, so why do you worry about it at all? If you rely on a user connected to a session, then you should check the user existence before returning any sensible data.
>>>
>>> In the Session is where I check the request and ask for the fields userName and password, then I try to authenticate; if there is no such user I return an exception and show the warning box in the login page. What I really don't understand is why, even though I see that the session created by logging in is terminated when logging out, when I go back, I create a new session but I don't have to type the userName and password again; the request has those fields already.
>>>
>>> G.
>>>
>>> Regards,
>>> Susanne
>>>
>>> Gustavo Pizano wrote:
>>>
>>> Susanne Hi.
>>>
>>> Mmm nope, this method is not being called when backing the browser. I have realized that in the NSLog I placed in createSessionForRequest, I'm showing the sessionID, and when backing the browser, it's creating a new one... this is weird, I would have said it was because there was one open session from before the login action.
>>>
>>> :'(:'(
>>>
>>> G.
>>>
>>> On Fri, Sep 25, 2009 at 2:24 PM, Susanne Schneider <[email protected]> wrote:
>>>
>>> Hi Gustavo,
>>>
>>> hmm, returning to the application and not returning into the terminated session should cause no problems. As you could not prohibit the browser from sending any stale request (from the terminated session) you should have implemented the "handleSessionRestorationErrorInContext" from the application class to forward the browser to your main entrance page (with maybe a session timeout notice).
>>>
>>> Regards,
>>> Susanne
>>>
>>> Gustavo Pizano wrote:
>>>
>>> Susanne hello.
>>>
>>> In fact I came to the office just now also and I hadn't tried to implement the log out again. My LogOut WOComponent only has a <label> tag that says Log out Successfully, that's it, I have nothing else, so I'm not having any component with actions or such a thing. But backing the browser will return me to the application... I'm trying to figure out first if it's because of the problem I'm having that 2 sessions are being created, one when the app launches and the other one when the user logs in, and when I log out, the session that terminates is the one that was created when the user logged in, so I'm supposing the one that is allowing me to go back in the browser is the other one. I'm trying to get rid of it.
>>>
>>> I will let you know how it went.
>>>
>>> G.
>>>
>>> On Fri, Sep 25, 2009 at 2:04 PM, Susanne Schneider <[email protected]> wrote:
>>>
>>> Hi Gustavo,
>>>
>>> sorry for the delay, I wasn't in the office yesterday. Maybe you solved your problem already?
>>>
>>> So I suppose the difference between your and our approach is that you are working with two custom components:
>>> 1) page with the logout-link
>>> 2) page with the logout-message from the direct action
>>>
>>> and we are using three components:
>>> 1) page with logout link to return page 2
>>> 2) unshown page for terminating session with the posted appendToResponse method (this is more or less a handwritten WORedirect)
>>> 3) page with logout-message from direct action
>>>
>>> I think the direct action is completely ok. If you do not include any stateful components as already mentioned there shall be no session. Otherwise there should be a fresh session created. The possibility to return to former session by browser-back is a security issue which indicates that the old session has not been terminated. I would suspect that the WORedirect preserves the session from terminating.
>>>
>>> Regards,
>>> Susanne
>>>
>>> Gustavo Pizano wrote:
>>>
>>> Susanne. Thanks so much,
>>>
>>> I will apply your method to my project and see what happens... One question.
>>>
>>> Is my DirectAction good? I mean, as you saw I'm using the pageWithName() method, and I read that using that I'm referencing the old session... I have confusion here.
>>>
>>> Also I must override the appendToResponse method in the LogOut WOComponent, isn't it?
>>>
>>> Thx.
>>>
>>> Gustavo
>>>
>>> On Sep 24, 2009, at 5:48 PM, Susanne Schneider wrote:
>>>
>>> Hi Gustavo,
>>>
>>> this is what we are doing to logout:
>>>
>>> 1) the logout link returns a logout-page without any real surface where the appendToResponse is overwritten to terminate the session and to redirect to a "you logged out successfully" page. The method is:
>>>
>>>     public void appendToResponse(WOResponse response, WOContext context) {
>>>         // necessary?
>>>         super.appendToResponse(response, context);
>>>         // finish session
>>>         session().logout();
>>>         session().terminate();
>>>         // redirect
>>>         String redirectURL = context.request().adaptorPrefix()
>>>             + "/" + context.request().applicationName() + ".woa/wa/logout";
>>>         response.setStatus(302);
>>>         // WOMessage.setHeader takes the value first, then the header name
>>>         response.setHeader(redirectURL, "location");
>>>         response.setHeader("0", "content-length");
>>>     }
>>>
>>> 2) The DirectAction "logoutAction" returns a stateless page with the logout hint. If you want to avoid creating a session on this page make sure that you do not touch anything that needs a session. This is especially true for any form elements or component-action-links.
>>>
>>> HTH,
>>> Susanne
>>>
>>> --
>>> Susanne Schneider
>>> Coordinator secuTrial Development
>>>
>>> iAS interActive Systems GmbH
>>> Dieffenbachstraße 33 c, D-10967 Berlin
>>>
>>> fon +49(0)30 22 50 50 - 498
>>> fax +49(0)30 22 50 50 - 451
>>> mail [email protected]
>>> web http://www.interActive-Systems.de
>>>
>>> ----------------------------------------------------
>>> Managing directors: Dr. Marko Reschke, Thomas Fritzsche
>>> Registered office: Berlin
>>> Amtsgericht Berlin Charlottenburg, HRB 106103B
>>> ----------------------------------------------------
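
Susanne's suggestion of overriding handleSessionRestorationErrorInContext, written out as an added example (not code from the thread or from either poster's project): the Application class answers any request that names a terminated session with a redirect to a sessionless direct action. The action name "sessionExpired" is hypothetical; the URL is built the same way as in the appendToResponse method quoted above.

```java
import com.webobjects.appserver.WOApplication;
import com.webobjects.appserver.WOContext;
import com.webobjects.appserver.WORequest;
import com.webobjects.appserver.WOResponse;

public class Application extends WOApplication {

    // Hypothetical direct action that renders a stateless "your session has
    // ended, please log in again" page. It must not touch session() anywhere,
    // otherwise a new session is created just to show the notice.
    private static final String EXPIRED_ACTION = "sessionExpired";

    public static void main(String[] argv) {
        WOApplication.main(argv, Application.class);
    }

    /**
     * Invoked when a request carries the ID of a session that no longer
     * exists, for example a component-action URL reached with browser-back
     * after logout has terminated the session.
     */
    @Override
    public WOResponse handleSessionRestorationErrorInContext(WOContext context) {
        WORequest request = context.request();

        // Same URL scheme as the logout redirect in the thread:
        // <adaptorPrefix>/<applicationName>.woa/wa/<directAction>
        String url = request.adaptorPrefix() + "/" + request.applicationName()
                + ".woa/wa/" + EXPIRED_ACTION;

        // Hand-written redirect, so no component (and no session) is involved.
        WOResponse response = new WOResponse();
        response.setStatus(302);
        response.setHeader(url, "location"); // value first, then header name
        response.setHeader("0", "content-length");
        return response;
    }
}
```

This only covers stale URLs that point into a terminated session. As the thread shows, a login handled by a direct action that the browser replays from history creates a fresh session instead and never reaches this method.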
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list ([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to [email protected]
