incubator-adffaces-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "venkata guddanti" <venkata.gudda...@gmail.com>
Subject Re: PPR and session timeout
Date Tue, 18 Jul 2006 21:14:18 GMT
You are right if you do a full page refesh from the login in the iframe
response, it should load the login form in the main page.

However there are a few issues with putting extra logic in the login form
page. It assumes that on failure only the logn page is loaded in the PPR
Iframe. It does not account for the case when the user looses a network
connecton during a PPR connection. It also does not account for a DMZ
scenario, where the reverse proxy may have a logic page and its timeout
may be smaller than the session timeout. In the DMZ scenario, the logic page
may be displayed by the reverse proxy.

I believe the fix actually needs to go into the PPR logic itself. In IE it
is pretty simple to detect error cases in the IFrame. After posting from
Iframe, we can put a timer (window.setTimeout) to monitor the readyState of
the iframe document. If the readystate is "complete" we got a response in
the Iframe. The PPR response for the IFrame could put a token(maybe a
javascript global variable) indicating that it is a PPR response. If we do
not get the token we did not get a valid response. If the user looses a
network connection, an exception is thrown while trying to read the IFrame
content(error page).

Gecko like IE it also throws an exception in case a user looses a network
connection. However in Gecko it is difficult to detect if the content is
valid PPR content since it does not have readyState attribute for document.
One way to workaround this is to remove all nodes in the document before the
PPR post is done. In the timer we can check if the
document.documentElement.firstChild exists. If it exists that means the the
PPR response document has at least started loading. We can then look for the
token in the reponse page to validate that it is a PPR reponse.

When these error cases are detected we can either notify the user or reload
the main page to show the response from the PPR.

Using XMLHTTPRequest solves most of the issues with PPR, however
XMLHTTPRequest does not work with multi-part form encoding. In case the page
contains file upload elements, it would still make sense to use IFrame to
perform XMLHTTP communication.

Venkata

On 7/18/06, Scott O'Bryan <darkarena@gmail.com> wrote:
>
> Can't we just do a full-page refresh if the session is timed out?
>
> Cosma Colanicchia wrote:
> > There was a discussion about this problem, see this thread in the
> > archives for the details:
> >
> http://mail-archives.apache.org/mod_mbox/incubator-adffaces-dev/200606.mbox/browser
> >
> >
> > I've found a tricky workaround, that involves putting some javascript
> > in your login page to make it open itself in a popup window when its
> > loaded in the ppr iframe:
> >
> >  <script type="text/javascript">
> >
> >    // NOTE this is a workaround for an issue when using Trinidad
> >    // PPR requests and container-managed security
> >
> >    // This is a temporary workaround while waiting for Trinidad to use
> >    // XmlHTTPRequest instead of hidden IFRAMEs for partial page
> rendering
> >
> >    function checkPPR() {
> >      var loginForm = document.getElementById("loginForm");
> >      if ("_pprIFrame" == window.name) {
> >        // Reload myself in a window with a fixed name
> >        var loginWindow = window.open(window.location, "_pprLoginWindow",
> >                "menubar=0,resizable=1,width=350,height=250");
> >        loginForm.location = window.location;
> >      }
> >      if ("_pprLoginWindow" == window.name) {
> >        // Now I'm in the window, set the target back to the hidden
> iframe
> >        loginForm.target = "_pprIFrame";
> >      }
> >    }
> >
> >    function checkPPRClose() {
> >      // This script trigger also when the login is wrong.. so the
> >      // "login failed" page must also do something to show
> >      // itself outside of the hidden iframe.
> >      if ("_pprLoginWindow" == window.name) {
> >        // The timeout is required to allow performing
> >        // the form submit before closing the window
> >        setTimeout('window.close()', 3000);
> >      }
> >    }
> >
> >  </script>
> > </head>
> > <body onload="checkPPR();">
> >   <!-- standard action and field names for contained managed security
> -->
> >   <form id="loginForm" method="POST" action="j_security_check"
> >      onsubmit="checkPPRClose();">
> >
> >
> > Far from perfect, but it allows the user to escape from the lock that
> > would occours otherwise. If you come up with a better solution please
> > share it.
> >
> >
> > regards
> > Cosma
> >
> > 2006/7/18, Jeantine Mankelow <jeantine@corp.peace.com>:
> >> We are using adf's ppr features in our web based product.  This all
> >> works fine until the session times out and the users tries to do
> >> something which would cause a ppr on the already loaded page.  To the
> >> user if appears as if nothing happens, when in fact what is happening
> is
> >> the login page is getting rendered in the iFrame.
> >>
> >> Any ideas on how we can direct the page the user can see to the login
> >> page?
> >>
> >> Thanks,
> >> Jeantine
> >>
> >
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message