[jbossseam-issues] [JBoss JIRA] Commented: (JBSEAM-2257) Raise a session expired and new session event on occurence

Wed Jan 9 08:44:43 EST 2008

    [ http://jira.jboss.com/jira/browse/JBSEAM-2257?page=comments#action_12394304 ] 

Jacob Orshalick commented on JBSEAM-2257:
-----------------------------------------

What Pete is saying holds true here...  

By simply placing the event in the beginSession and endSession, you cannot achieve the purpose of this request.  Essentially the goal of this request is to raise an event when the session expires while a user is still active within the application (mainly for messaging purposes).  The approach you suggest would raise the event always when a new session is started.  The checks against the session id allow us to differentiate between a new session: 

- where the browser was closed (the user expired the session) = new session and no session id (cookie gone)
- the session expired from user inactivity = new session and session id still present (cookie still present)

Another difficulty here is the message as described in the first comment.  The timing of the event will be critical to ensure that the FacesMessages component exists in the context.

I will try to create a patch in the next few weeks (for this and a few other JIRAs I've requested).  Been very busy with work lately ;)

> Raise a session expired and new session event on occurence
> ----------------------------------------------------------
>
>                 Key: JBSEAM-2257
>                 URL: http://jira.jboss.com/jira/browse/JBSEAM-2257
>             Project: JBoss Seam
>          Issue Type: Feature Request
>          Components: Security
>    Affects Versions: 2.0.0.GA
>            Reporter: Jacob Orshalick
>         Assigned To: Shane Bryzak
>            Priority: Minor
>             Fix For: 2.0.x
>
>
> You have to make some assumptions here, but you can basically notify the user when the server session has ended with the following in a PhaseListener:
> Code:
> @Observer("org.jboss.seam.beforePhase")
> public void beforePhase(PhaseEvent event)
> {
>   if(event.getPhaseId() == PhaseId.RESTORE_VIEW)
>   {
>     HttpServletRequest request =
>       (HttpServletRequest) FacesContext.getCurrentInstance()
>         .getExternalContext().getRequest();
>             
>     if(request.getRequestedSessionId() != null 
>            && request.getSession().isNew())
>        Events.instance().raiseEvent("org.jboss.seam.sessionExpired");
> ...	
> Based on general cookie settings this will raise the event when the user still has the browser window open, the http session expired, and the user tries to access the app. If the user closes and reopens the browser to start the application, the event will not be raised.  This of course makes the assumption that cookies expire when the browser session is ended (which is generally the case).
> The org.jboss.seam.newSession event would simply change the condition to:
>    if(request.getRequestedSessionId() == null 
>            && request.getSession().isNew())
>       Events.instance().raiseEvent("org.jboss.seam.newSession");
> This is generally useful for user notification on the login screen.  Please see the forum reference for more information.  Thanks.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira