[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-1860) login-required and no-conversation-view-id causes infinite redirect after session timeout on POST request

steve tynor (JIRA) jira-events at lists.jboss.org
Tue Aug 28 14:21:18 EDT 2007 

    [ http://jira.jboss.com/jira/browse/JBSEAM-1860?page=comments#action_12374254 ] 
            
steve tynor commented on JBSEAM-1860:
-------------------------------------

Shane,

I tried to create a toy application in Seam CVS to reproduce the bug I reported with 1.2.1GA, but I've been unsuccessful in doing so. I'm not sure if that implies that CVS has fixed my issue, or if I'm just not faithfully translating my app's config into the toy application.

Hopefully Jacob will have more success in reproducing in CVS since his original problem was reported on 2.0.0BETA1.


> login-required and no-conversation-view-id causes infinite redirect after session timeout on POST request
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: JBSEAM-1860
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-1860
>             Project: JBoss Seam
>          Issue Type: Bug
>    Affects Versions: 2.0.0.BETA1
>            Reporter: Jacob Orshalick
>         Assigned To: Shane Bryzak
>             Fix For: 2.0.0.CR1
>
>
> When a page is setup as login-required="true" in pages.xml and a no-conversation-view-id is specified an infinite redirect occurs if the session times out and a POST request is then made by the user. Here is a snippet of my pages.xml configuration: 
> <pages login-view-id="/common/login.jsp">
> 	<!-- Security configuration -->
> 	<page view-id="*" scheme="http"/>
> 	
> 	<page view-id="/administration/*" scheme="http" login-required="true">
> 		<restrict>#{s:hasRole('Administrator')}</restrict>
> 	</page>
> 	
> 	<page view-id="/status/*" login-required="true" no-conversation-view-id="/status/search.xhtml">
> 		<restrict>#{s:hasRole('appRole')}</restrict>
> 	</page>
> When accessing a page under /status/* the first access always redirects to login.jsp as expected. The user then logs in and continues working with the application. If the HTTP session is then allowed to timeout, a GET request will behave as expected and redirect to the login.jsp. A POST on the other hand will cause an infinite redirect.  The stacktrace can be found at the forum reference.
> If the no-conversation-view-id is removed, the redirect works as expected but or course an error occurs if you return to a page that requires a conversation after logging in.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the seam-issues mailing list