[gatein-issues] [JBoss JIRA] Commented: (GTNPORTAL-1970) Richfaces portlet after session expiration generates incorrect request (resource)

Mon Sep 19 14:44:26 EDT 2011

    [ https://issues.jboss.org/browse/GTNPORTAL-1970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12629203#comment-12629203 ] 

Matt Wringe commented on GTNPORTAL-1970:
----------------------------------------

I think we really only have 3 options here:

1) don't do anything differently. I am not sure if we should really expect things to work perfectly when a session expires.

2) change the behaviour of what happens during a session expire so that it doesn't redirect based on the url clicked, but based on the current page. So if you click a link when the session has already expired, then it doesn't count that event (which makes sense, since you were not currently authorized to select that option anyways).

3) change how the login mechanism works so we don't use redirects when the session expires and a link is clicked. This could be something like automatic logouts to the login page, automatically putting a login popup on session expiration,...

I would vote for #3, where when the session expires a login popup appears on the screen which requires the user to re-login at that point before they can do anything with the portal page (but once logged in, the current state of the portlet/page will not be lost). This would also have to handle things like blocking all portlet requests that the portlet might be generating itself through javascript, until the login has occurred.

Thoughts?

> Richfaces portlet after session expiration generates incorrect request (resource)
> ---------------------------------------------------------------------------------
>
>                 Key: GTNPORTAL-1970
>                 URL: https://issues.jboss.org/browse/GTNPORTAL-1970
>             Project: GateIn Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>    Affects Versions: 3.2.0-M01
>         Environment: GateIn trunk (07/27)
> EPP5.1.1 CR01
>            Reporter: Michal Vanco
>             Fix For: 3.2.0-M02
>
>         Attachments: rfportlet-session_exp.png
>
>
> ajax requests in RF portlets contain in URL following attribute: &portal:type=resource
> and when session expires, you re-login and then portlet becomes only a resource in browser and not a part of portal page (see screenshot)
> To reproduce:
>  - deploy some RF portlet in portal (for example tic-tac-toe portlet - http://anonsvn.jboss.org/repos/qa/prabhat/tictactoe-portlet)
>  - change session timeout in gatein.ear/02portal.war/WEB-INF/web.xml to 1 minute and start portal
>  - add RF portlet on page
>  - wait 1 minute for session expiration, click on any button in RF portlet -> you are asked to re-login and then you see only portlet in browser and no portal environment
> URL after expiration and re-login can look like:
> http://localhost:8080/portal/private/classic/ttt?portal:componentId=f976fc4d-2849-46a3-a4db-bdae5756b79b&portal:type=resource&navigationalstate=JBPNS_rO0ABXdcACJqYXZheC5mYWNlcy5wb3J0bGV0YnJpZGdlLlNUQVRFX0lEAAAAAQApdmlldzo3Zjc4ZWE5Mi02ZjNhLTQyMTgtYWZiNy0xNDk5NjNmMzVkZTkAB19fRU9GX18*&portal:windowState=normal&portal:portletMode=view&portal:resourceID=/faces/pages/index.xhtml&portal:cacheLevel=PAGE&resourcestate=JBPNS_rO0ABXczABBfanNmQnJpZGdlVmlld0lkAAAAAQASL3BhZ2VzL2luZGV4LnhodG1sAAdfX0VPRl9f
> You can go back in portal by removing "&portal:type=resource" from URL or type page URL in browser (http://localhost:8080/portal/private/classic/ttt)

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira