Re: GRR, still the logout method not working.
- Subject: Re: GRR, still the logout method not working.
- From: Susanne Schneider <email@hidden>
- Date: Fri, 25 Sep 2009 14:04:28 +0200
Hi Gustavo,
sorry for the delay, I wasn't in the office yesterday. Maybe you
solved your problem already?
So I suppose the difference between your and our approach is that you
are working with two custom components:
1) page with the logout-link
2) page with the logout-message from the direct action
and we are using three components:
1) page with logout link to return page 2
2) unshown page for terminating session with the posted appendToResponse
method (this is more or less a handwritten WORedirect)
3) page with logout-message from direct action
I think the direct action is completely ok. If you do not include any
stateful components as already mentioned there shall be no session.
Otherwise there should be a fresh session created. The possibility to
return to former session by browser-back is a security issue which
indicates that the old session has not been terminated. I would suspect
that the WORedirect preserves the session from terminating.
Regards,
Susanne
Gustavo Pizano wrote:
Susanne. Thanks so much,
I will apply your method to my project and see what happens... One
question.
Is my DirectAction good? I mean, as you saw I'm using the pageWithName()
method, and I read that by using that I'm referencing the old session... I
am confused here.
Also, I must override the appendToResponse method in the LogOut
WOComponent, isn't it?
Thx.
Gustavo
On Sep 24, 2009, at 5:48 PM, Susanne Schneider wrote:
Hi Gustavo,
this is what we are doing to logout:
1) the logout link returns a logout-page without any real surface
where the appendToResponse is overwritten to terminate the session and
to redirect to a "you logged out successfully" page. The method is:

    public void appendToResponse(WOResponse response, WOContext context) {
        // necessary?
        super.appendToResponse(response, context);
        // finish session
        session().logout();
        session().terminate();
        // redirect
        String redirectURL = context.request().adaptorPrefix() + "/"
            + context.request().applicationName() + ".woa/wa/logout";
        response.setStatus(302);
        response.setHeader(redirectURL, "location");
        response.setHeader("0", "content-length");
    }

2) The DirectAction "logoutAction" returns a stateless page with the
logout hint. If you want to avoid creating a session on this page make
sure that you do not touch anything that needs a session. This is
especially true for any form elements or component-action-links.
HTH,
Susanne
--
Susanne Schneider
Coordinator secuTrial Development
iAS interActive Systems GmbH
Dieffenbachstraße 33 c, D-10967 Berlin
fon +49(0)30 22 50 50 - 498
fax +49(0)30 22 50 50 - 451
mail email@hidden
web http://www.interActive-Systems.de
----------------------------------------------------
Geschäftsführer: Dr. Marko Reschke, Thomas Fritzsche
Sitz der Gesellschaft: Berlin
Amtsgericht Berlin Charlottenburg, HRB 106103B
----------------------------------------------------
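
An added example, not code from this thread or from either poster's project: a sketch of the stateless `logoutAction` direct action discussed above. It uses `WODirectAction.existingSession()` so the action never creates a session, and terminates one only if the request still names a live session. The component name `LoggedOutPage` is hypothetical.

```java
import com.webobjects.appserver.WOActionResults;
import com.webobjects.appserver.WODirectAction;
import com.webobjects.appserver.WORequest;
import com.webobjects.appserver.WOSession;

public class DirectAction extends WODirectAction {

    public DirectAction(WORequest request) {
        super(request);
    }

    // Reached via .../<App>.woa/wa/logout, the target of the 302 that the
    // logout component sends after terminating the session.
    public WOActionResults logoutAction() {
        // existingSession() restores a session only if the request carries
        // the ID of one that is still alive; unlike session(), it returns
        // null instead of creating a fresh session.
        WOSession stale = existingSession();
        if (stale != null) {
            // The old session survived the logout component (for example the
            // session ID arrived in a cookie): terminate it here as well.
            stale.terminate();
        }
        // LoggedOutPage is a hypothetical component containing only static
        // text and direct-action links, no forms or component-action links,
        // so rendering it does not touch session().
        return pageWithName("LoggedOutPage");
    }
}
```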