[
http://jira.jboss.com/jira/browse/JBSEAM-1860?page=comments#action_12374473 ]
Jacob Orshalick commented on JBSEAM-1860:
-----------------------------------------
After some testing, the booking application seems to function as expected when the session
times out, but unfortunately my application still has the issue even with the latest from
CVS. I will look into the differences in configuration and see if I can determine what is
causing the issue.
login-required and no-conversation-view-id causes infinite redirect
after session timeout on POST request
---------------------------------------------------------------------------------------------------------
Key: JBSEAM-1860
URL:
http://jira.jboss.com/jira/browse/JBSEAM-1860
Project: JBoss Seam
Issue Type: Bug
Affects Versions: 2.0.0.BETA1
Reporter: Jacob Orshalick
Assigned To: Shane Bryzak
Fix For: 2.0.0.CR1
When a page is setup as login-required="true" in pages.xml and a
no-conversation-view-id is specified an infinite redirect occurs if the session times out
and a POST request is then made by the user. Here is a snippet of my pages.xml
configuration:
<pages login-view-id="/common/login.jsp">
<!-- Security configuration -->
<page view-id="*" scheme="http"/>
<page view-id="/administration/*" scheme="http"
login-required="true">
<restrict>#{s:hasRole('Administrator')}</restrict>
</page>
<page view-id="/status/*" login-required="true"
no-conversation-view-id="/status/search.xhtml">
<restrict>#{s:hasRole('appRole')}</restrict>
</page>
When accessing a page under /status/* the first access always redirects to login.jsp as
expected. The user then logs in and continues working with the application. If the HTTP
session is then allowed to timeout, a GET request will behave as expected and redirect to
the login.jsp. A POST on the other hand will cause an infinite redirect. The stacktrace
can be found at the forum reference.
If the no-conversation-view-id is removed, the redirect works as expected but or course
an error occurs if you return to a page that requires a conversation after logging in.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira