incubator-adffaces-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cosma Colanicchia" <cosma...@gmail.com>
Subject Re: PPR and session timeout
Date Tue, 18 Jul 2006 21:25:36 GMT
I'm not an XmlHTTPRequest expert, so I don't know how it will be
implemented.. I only feel like it will simplifly things very much.

Your idea about setting a timer on the "invoker side" is nice, you may
want to try implement it. You will find a function called
_submitPartialChange in
adf-faces-impl\src\main\javascript\META-INF\adf\jsLibs\Core.js, is the
one that actually triggers the PPR request. Basically it switch the
form target to the hidden iframe, call the generic submitForm routine
and restore the original target. You may want to set a timer there and
write the handler routine in PPR.js. I'd like to try myself, but don't
think I'll have much time in the next days.

Regards
Cosma

2006/7/18, venkata guddanti <venkata.guddanti@gmail.com>:
> You are right if you do a full page  refesh from the login in the iframe
> response, it should load the login form in the main page.
>
> However there are a few issues with putting extra logic in the login form
> page. It assumes that on failure only the logn page is loaded in the PPR
> Iframe. It does not account for the case when the user looses a network
> connecton during a PPR connection. It also does not account for a DMZ
> scenario, where the reverse proxy may have a logic page and its timeout
> may be smaller than the session timeout. In the DMZ scenario, the logic page
> may be displayed by the reverse proxy.
>
> I believe the fix actually needs to go into the PPR logic itself. In IE it
> is pretty simple to detect error cases in the IFrame. After posting from
> Iframe, we can put a timer (window.setTimeout) to monitor the readyState of
> the iframe document. If the readystate is "complete" we got a response in
> the Iframe. The PPR response for the IFrame could put a token(maybe a
> javascript global variable) indicating that it is a PPR response. If we do
> not get the token we did not get a valid response. If the user looses a
> network connection, an exception is thrown while trying to read the IFrame
> content(error page).
>
> Gecko like IE it also throws an exception in case a user looses a network
> connection. However in Gecko it is difficult to detect if the content is
> valid PPR content since it does not have readyState attribute for document.
> One way to workaround this is to remove all nodes in the document before the
> PPR post is done. In the timer we can check if the
> document.documentElement.firstChild exists. If it exists that means the the
> PPR response document has at least started loading. We can then look for the
> token in the reponse page to validate that it is a PPR reponse.
>
> When these error cases are detected we can either notify the user or reload
> the main page to show the response from the PPR.
>
> Using XMLHTTPRequest solves most of the issues with PPR, however
> XMLHTTPRequest does not work with multi-part form encoding. In case the page
> contains file upload elements, it would still make sense to use IFrame to
> perform XMLHTTP communication.
>
> Venkata
>
> On 7/18/06, Scott O'Bryan <darkarena@gmail.com> wrote:
> >
> > Can't we just do a full-page refresh if the session is timed out?
> >
> > Cosma Colanicchia wrote:
> > > There was a discussion about this problem, see this thread in the
> > > archives for the details:
> > >
> > http://mail-archives.apache.org/mod_mbox/incubator-adffaces-dev/200606.mbox/browser
> > >
> > >
> > > I've found a tricky workaround, that involves putting some javascript
> > > in your login page to make it open itself in a popup window when its
> > > loaded in the ppr iframe:
> > >
> > >  <script type="text/javascript">
> > >
> > >    // NOTE this is a workaround for an issue when using Trinidad
> > >    // PPR requests and container-managed security
> > >
> > >    // This is a temporary workaround while waiting for Trinidad to use
> > >    // XmlHTTPRequest instead of hidden IFRAMEs for partial page
> > rendering
> > >
> > >    function checkPPR() {
> > >      var loginForm = document.getElementById("loginForm");
> > >      if ("_pprIFrame" == window.name) {
> > >        // Reload myself in a window with a fixed name
> > >        var loginWindow = window.open(window.location, "_pprLoginWindow",
> > >                "menubar=0,resizable=1,width=350,height=250");
> > >        loginForm.location = window.location;
> > >      }
> > >      if ("_pprLoginWindow" == window.name) {
> > >        // Now I'm in the window, set the target back to the hidden
> > iframe
> > >        loginForm.target = "_pprIFrame";
> > >      }
> > >    }
> > >
> > >    function checkPPRClose() {
> > >      // This script trigger also when the login is wrong.. so the
> > >      // "login failed" page must also do something to show
> > >      // itself outside of the hidden iframe.
> > >      if ("_pprLoginWindow" == window.name) {
> > >        // The timeout is required to allow performing
> > >        // the form submit before closing the window
> > >        setTimeout('window.close()', 3000);
> > >      }
> > >    }
> > >
> > >  </script>
> > > </head>
> > > <body onload="checkPPR();">
> > >   <!-- standard action and field names for contained managed security
> > -->
> > >   <form id="loginForm" method="POST" action="j_security_check"
> > >      onsubmit="checkPPRClose();">
> > >
> > >
> > > Far from perfect, but it allows the user to escape from the lock that
> > > would occours otherwise. If you come up with a better solution please
> > > share it.
> > >
> > >
> > > regards
> > > Cosma
> > >
> > > 2006/7/18, Jeantine Mankelow <jeantine@corp.peace.com>:
> > >> We are using adf's ppr features in our web based product.  This all
> > >> works fine until the session times out and the users tries to do
> > >> something which would cause a ppr on the already loaded page.  To the
> > >> user if appears as if nothing happens, when in fact what is happening
> > is
> > >> the login page is getting rendered in the iFrame.
> > >>
> > >> Any ideas on how we can direct the page the user can see to the login
> > >> page?
> > >>
> > >> Thanks,
> > >> Jeantine
> > >>
> > >
> >
> >
>
>

Mime
View raw message