On Fri, Sep 25, 2009 at 2:24 PM, Susanne Schneider <email@hidden> wrote:
Hi Gustavo,
hmm, returning to the application and not returning into the terminated session should cause no problems. As you could not prevent the browser from sending any stale request (from the terminated session), you should have implemented "handleSessionRestorationErrorInContext" from the application class to forward the browser to your main entrance page (maybe with a session timeout notice).
Regards,
Susanne
Gustavo Pizano wrote:
Susanne, hello.
In fact I came to the office just now also and I hadn't tried to implement the log out again. My LogOut WOComponent only has a <label> tag that says "Log out Successfully", that's it; I have nothing else, so I'm not having any component with actions or such a thing. But going back in the browser will return me to the application... I'm trying to figure out first if it's because of the problem I'm having that 2 sessions are being created, one when the app launches and the other one when the user logs in, and when I log out, the session that terminates is the one that was created when the user logged in, so I'm supposing the one that is allowing me to go back in the browser is the other one. I'm trying to get rid of it.
I will let you know how it went.
G.
On Fri, Sep 25, 2009 at 2:04 PM, Susanne Schneider <email@hidden> wrote:
Hi Gustavo,
sorry for the delay, I wasn't in the office yesterday. Maybe you solved your problem already?
So I suppose the difference between your approach and ours is that you are working with two custom components:
1) page with the logout link
2) page with the logout message from the direct action
and we are using three components:
1) page with logout link to return page 2
2) unshown page for terminating the session with the posted appendToResponse method (this is more or less a handwritten WORedirect)
3) page with logout message from direct action
I think the direct action is completely OK. If you do not include any stateful components, as already mentioned, there shall be no session. Otherwise there should be a fresh session created. The possibility to return to the former session by browser-back is a security issue which indicates that the old session has not been terminated. I would suspect that the WORedirect preserves the session from terminating.
Regards,
Susanne
Gustavo Pizano wrote:
Susanne, thanks so much.
I will apply your method to my project and see what happens...
One question.
Is my DirectAction good? I mean, as you saw I'm using the pageWithName() method, and I read that by using that I'm referencing the old session... I have confusion here.
Also I must override the appendToResponse method in the LogOut WOComponent, isn't it?
Thx.
Gustavo
On Sep 24, 2009, at 5:48 PM, Susanne Schneider wrote:
Hi Gustavo,
this is what we are doing to logout:
1) The logout link returns a logout page without any real surface, where appendToResponse is overwritten to terminate the session and to redirect to a "you logged out successfully" page. The method is:

    public void appendToResponse(WOResponse response, WOContext context) {
        // necessary?
        super.appendToResponse(response, context);
        // finish session
        session().logout();
        session().terminate();
        // redirect
        String redirectURL = context.request().adaptorPrefix()
                + "/" + context.request().applicationName() + ".woa/wa/logout";
        response.setStatus(302);
        // WOMessage.setHeader takes the value first, then the header name
        response.setHeader(redirectURL, "location");
        response.setHeader("0", "content-length");
    }

2) The DirectAction "logoutAction" returns a stateless page with the logout hint. If you want to avoid creating a session on this page, make sure that you do not touch anything that needs a session. This is especially true for any form elements or component-action links.
HTH,
Susanne
-- Susanne Schneider
Coordinator secuTrial Development
iAS interActive Systems GmbH
Dieffenbachstraße 33 c, D-10967 Berlin
phone +49(0)30 22 50 50 - 498
fax +49(0)30 22 50 50 - 451
mail email@hidden
web http://www.interActive-Systems.de
----------------------------------------------------
Managing Directors: Dr. Marko Reschke, Thomas Fritzsche
Registered office: Berlin
District Court Berlin Charlottenburg, HRB 106103B
----------------------------------------------------
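
The stale-request handling suggested in the thread, as an added example that is not part of the original messages or anyone's project code: an Application class that answers requests carrying a terminated session's ID with a redirect to a session-free direct action. The action name "sessionExpired" is hypothetical; it is assumed to return a stateless page in the same way as the thread's logoutAction.

```java
import com.webobjects.appserver.WOApplication;
import com.webobjects.appserver.WOContext;
import com.webobjects.appserver.WORequest;
import com.webobjects.appserver.WOResponse;

public class Application extends WOApplication {

    // Hypothetical direct action name. The action must return a stateless
    // page (no forms, no component-action links) so that no new session
    // is created just to show the timeout notice.
    private static final String EXPIRED_ACTION = "sessionExpired";

    public static void main(String[] argv) {
        WOApplication.main(argv, Application.class);
    }

    /**
     * Called when a request names a session that can no longer be restored,
     * for example a browser-back request sent after session().terminate().
     * Instead of the default error page, send the browser to the entry page.
     */
    @Override
    public WOResponse handleSessionRestorationErrorInContext(WOContext context) {
        WORequest request = context.request();

        // Build the direct action URL the same way the logout page does,
        // so the target URL contains no session ID.
        String redirectURL = request.adaptorPrefix() + "/"
                + request.applicationName() + ".woa/wa/" + EXPIRED_ACTION;

        WOResponse response = new WOResponse();
        response.setStatus(302);
        // WOMessage.setHeader takes the value first, then the header name.
        response.setHeader(redirectURL, "location");
        response.setHeader("0", "content-length");
        return response;
    }
}
```

If browser-back still reaches a working page after logout, this method is not being called for that request, which means the session the request refers to is still alive on the server.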