[
https://issues.jboss.org/browse/GTNPORTAL-1970?page=com.atlassian.jira.pl...
]
Matt Wringe commented on GTNPORTAL-1970:
----------------------------------------
I think we really only have 3 options here:
1) don't do anything differently. I am not sure if we should really expect things to
work perfectly when a session expires.
2) change the behaviour of what happens during a session expire so that it doesn't
redirect based on the url clicked, but based on the current page. So if you click a link
when the session has already expired, then it doesn't count that event (which makes
sense, since you were not currently authorized to select that option anyways).
3) change how the login mechanism works so we don't use redirects when the session
expires and a link is clicked. This could be something like automatic logouts to the login
page, automatically putting a login popup on session expiration,...
I would vote for #3, where when the session expires a login popup appears on the screen
which requires the user to re-login at that point before they can do anything with the
portal page (but once logged in, the current state of the portlet/page will not be lost).
This would also have to handle things like blocking all portlet requests that the portlet
might be generating itself through javascript, until the login has occurred.
Thoughts?
Richfaces portlet after session expiration generates incorrect
request (resource)
---------------------------------------------------------------------------------
Key: GTNPORTAL-1970
URL:
https://issues.jboss.org/browse/GTNPORTAL-1970
Project: GateIn Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Affects Versions: 3.2.0-M01
Environment: GateIn trunk (07/27)
EPP5.1.1 CR01
Reporter: Michal Vanco
Fix For: 3.2.0-M02
Attachments: rfportlet-session_exp.png
ajax requests in RF portlets contain in URL following attribute:
&portal:type=resource
and when session expires, you re-login and then portlet becomes only a resource in
browser and not a part of portal page (see screenshot)
To reproduce:
- deploy some RF portlet in portal (for example tic-tac-toe portlet -
http://anonsvn.jboss.org/repos/qa/prabhat/tictactoe-portlet)
- change session timeout in gatein.ear/02portal.war/WEB-INF/web.xml to 1 minute and
start portal
- add RF portlet on page
- wait 1 minute for session expiration, click on any button in RF portlet -> you are
asked to re-login and then you see only portlet in browser and no portal environment
URL after expiration and re-login can look like:
http://localhost:8080/portal/private/classic/ttt?portal:componentId=f976f...
You can go back in portal by removing "&portal:type=resource" from URL or
type page URL in browser (
http://localhost:8080/portal/private/classic/ttt)
--
This message is automatically generated by JIRA.
For more information on JIRA, see:
http://www.atlassian.com/software/jira