Re: GRR, still the logout method not working.


  • Subject: Re: GRR, still the logout method not working.
  • From: Gustavo Pizano <email@hidden>
  • Date: Fri, 25 Sep 2009 15:00:36 +0200


I had just overwritten it and placed an NSLog to see if it was being called, but I didn't see the log.

When I hit the back button I go back to the page I was on before, with a new sessionID.

 
We use the direct action request handler as a default to avoid unnecessary session creation. But a session in itself is nothing bad, so why do you worry about it at all? If you rely on a user connected to a session, then you should check the user's existence before returning any sensible data.

In the Session is where I check the request and ask for the fields userName and password, then I try to authenticate; if there is no such user I return an exception and show the warning box in the login page.

What I really don't understand is why, even though I see that the session created by logging in is terminated when logging out, when I go back I create a new session but I don't have to type the userName and password again; the request has those fields already.

G.

 

Regards,
Susanne

Gustavo Pizano schrieb:
Susanne Hi.


Mmm, no, this method is not being called when backing the browser. I have realized that in the NSLog I placed in createSessionForRequest I'm showing the sessionID, and when backing the browser it's creating a new one... this is weird, I would have said it was because there was one open session from before the login action.


:'(:'(


G.


On Fri, Sep 25, 2009 at 2:24 PM, Susanne Schneider <email@hidden> wrote:

   Hi Gustavo,

   hmm, returning to the application and not returning into the
   terminated session should cause no problems. As you could not
   prohibit the browser to send any stale request (from the terminated
   session) you should have implemented the
   "handleSessionRestorationErrorInContext" from the application class
   to forward the browser to your main entrance page (with maybe a
   session timeout notice).


   Regards,
   Susanne

   Gustavo Pizano schrieb:

       Susanne hello.


       In fact I came to the office just now also and I hadn't tried to
       implement the log out again. My LogOut WOComponent only has a
       <label> tag that says Log out Successfully, that's it, I have
       nothing else, so I'm not having any component with actions or
       such a thing, but backing the browser will return me to the
       application... I'm trying to figure out first if it's because of
       the problem I'm having that 2 sessions are being created, one
       when the app launches and the other one when the user logs in, and
       when I log out, the session that terminates is the one that was
       created when the user logged in, so I'm supposing the one that is
       allowing me to go back on the browser is the other one. I'm
       trying to get rid of it.

       I will let  you know how it went.

       G.
       On Fri, Sep 25, 2009 at 2:04 PM, Susanne Schneider <email@hidden> wrote:

          Hi Gustavo,

          sorry for the delay, I wasn't in the office yesterday. Maybe you
          solved your problem already?

          So I suppose the difference between your and our approach is that
          you are working with two custom components:
          1) page with the logout-link
          2) page with the logout-message from the direct action

          and we are using three components:
          1) page with logout link to return page 2
          2) unshown page for terminating session with the posted
          appendToResponse method (this is more or less a handwritten
          WORedirect)
          3) page with logout-message from direct action

          I think the direct action is completely ok. If you do not include any
          stateful components as already mentioned there shall be no session.
          Otherwise there should be a fresh session created. The possibility
          to return to former session by browser-back is a security issue
          which indicates that the old session has not been terminated. I
          would suspect that the WORedirect preserves the session from
          terminating.

          Regards,
          Susanne

          Gustavo Pizano schrieb:

              Susanne. Thanks so much,

              I will apply your method to my project and see what happens...
              One question.


              Is my DirectAction good? I mean, as you saw I'm using the
              pageWithName() method, and I read that using that I'm referencing
              the old session... I have confusion here.

              Also I must override the appendToResponse method in the LogOut
              WOComponent, isn't it?

              Thx.

              Gustavo

              On Sep 24, 2009, at 5:48 PM, Susanne Schneider wrote:

                  Hi Gustavo,

                  this is what we are doing to logout:

                  1) the logout link returns a logout-page without any real
                  surface where the appendToResponse is overwritten to
                  terminate the session and to redirect to a "you logged out
                  successfully" page. The method is:

                  public void appendToResponse(WOResponse response, WOContext context) {
                      // necessary?
                      super.appendToResponse(response, context);
                      // finish session
                      session().logout();
                      session().terminate();
                      // redirect
                      String redirectURL = context.request().adaptorPrefix()
                          + "/" + context.request().applicationName() + ".woa/wa/logout";
                      response.setStatus(302);
                      // WOResponse.setHeader takes the header value first, then the header name
                      response.setHeader(redirectURL, "location");
                      response.setHeader("0", "content-length");
                  }

                  2) The DirectAction "logoutAction" returns a stateless page
                  with the logout hint. If you want to avoid creating a
                  session on this page make sure that you do not touch
                  anything that needs a session. This is especially true for
                  any form elements or component-action-links.

                  HTH,
                  Susanne
                  --            Susanne Schneider
                  Coordinator secuTrial Development

                  iAS interActive Systems GmbH
                  Dieffenbachstraße 33 c, D-10967 Berlin

                  fon    +49(0)30 22 50 50 - 498
                  fax    +49(0)30 22 50 50 - 451
                  mail   email@hidden
                  web    http://www.interActive-Systems.de

                  ----------------------------------------------------
                  Geschäftsführer: Dr. Marko Reschke, Thomas Fritzsche
                  Sitz der Gesellschaft: Berlin
                  Amtsgericht Berlin Charlottenburg, HRB 106103B
                  ----------------------------------------------------












 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
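
Added example, not part of the original thread and not either poster's code: a Java sketch of the two measures Susanne describes above, overriding `handleSessionRestorationErrorInContext` so that stale requests from a terminated session are forwarded to the entrance page, and checking for a logged-in user before a direct action returns data. The page names `Main` and `Report`, the `reportAction` action and the `Session.currentUser()` accessor are assumptions made for illustration.

```java
// Application.java
import com.webobjects.appserver.*;

public class Application extends WOApplication {

    // Builds a bodiless 302 to a direct action, using the same URL scheme and
    // header calls as the logout page posted in the thread.
    static WOResponse redirectToDirectAction(WOContext context, String actionName) {
        WORequest request = context.request();
        String url = request.adaptorPrefix() + "/" + request.applicationName()
                + ".woa/wa/" + actionName;
        WOResponse response = new WOResponse();
        response.setStatus(302);
        response.setHeader(url, "location");        // value first, then header name
        response.setHeader("0", "content-length");
        return response;
    }

    // Invoked when a request names a session that can no longer be restored,
    // for example a browser-back request sent after logout terminated it.
    @Override
    public WOResponse handleSessionRestorationErrorInContext(WOContext context) {
        return redirectToDirectAction(context, "default");
    }
}

// DirectAction.java
import com.webobjects.appserver.*;

public class DirectAction extends WODirectAction {

    public DirectAction(WORequest request) {
        super(request);
    }

    // Entrance page; "Main" is an assumed component name.
    public WOActionResults defaultAction() {
        return pageWithName("Main");
    }

    // Hypothetical protected action: returns data only to an authenticated user.
    public WOActionResults reportAction() {
        WOSession existing = existingSession();     // never creates a new session
        // Session is the application's WOSession subclass; currentUser() is an
        // assumed accessor that returns null when nobody is logged in.
        if (!(existing instanceof Session) || ((Session) existing).currentUser() == null) {
            return Application.redirectToDirectAction(context(), "default");
        }
        return pageWithName("Report");
    }
}
```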
