Leszek Gawron dijo: > If you use IE (I do not know how other browsers handle this) if you serve > a > page without client cache turned off you make a security hole (IE caches > everything and serves even after user has logged out).
Very smart browser! ROTFL! > See the code attached below. The "main" method marks all function, > continuation and view requests not cacheable. What I request is the proper > handling of code in runContinuation fuction. >> > For all above examples you have to code logic in sitemap. I >> > think this is not as elegant as if you could have whole logic >> > in a flowscript >> At the current state of this discussion I would say, let's not >> add this feature to flow. If you want to do such things, write >> some custom components (input modules, actions etc.) and use >> them at appropriate places. But perhaps with some more info, >> I see things in different light. > If you write actions you split your logic into 2 areas: actions and flow. > Right now I set "Cache-control" header for continuation with "set-header" > action. > The code (assume every non internal uri goes to "main" method ): > var user = null; > function main( action ) { > cocoon.response.setHeader( "Expires", "-1" ); > cocoon.response.setHeader( "Cache-Control", "no-cache" ); > cocoon.response.setHeader( "Pragma", "no-cache" ); All these 3 instructions, can be setted in a the HTML style transformer instead of doing it in Flow. If not you need to write it over and over. > if ( user == null && !isContinuation( action ) ) { > loginInternal(); > } > invoke( action ); > } > > function invoke( action ) { > print( "action: " + action ); > > if ( isContinuation( action ) ) { > var id = extractContinuationId( action ); > print( "da id: " + id ); > runContinuation( id ); > } else { > func = this[ action ]; > if ( func != undefined ) > func.apply( this ); > else > cocoon.sendPage( action, {} ); > } > } > > > function isContinuation( action ) { > var id = new java.lang.String( action ); > return ( id.endsWith( ".continue" ) || id.endsWith( ".cont" ) ); > } > > function extractContinuationId( action ) { > var id = new java.lang.String( action ); > var pos = id.indexOf( "." ); > return id.substring( 0, pos ); > } > > function runContinuation( continuationId ) { > var contManager = null; > try { > contManager = cocoon.getComponent( > "org.apache.cocoon.components.flow.ContinuationsManager" ); > var wk = contManager.lookupWebContinuation( continuationId ); > } finally { > if ( contManager != null ) > cocoon.releaseComponent( contManager ); > } > var c = wk.getContinuation(); > c( wk ); > } > In the below code, can you better use the standard authentication-fw. the auth-fw can also work with flow: > function loginInternal() { > var form = new Form( "forms/login_d.xml" ); > var model = form.getModel(); > form.validator = loginValidator; > form.showForm( "form/login", {} ); > } > > function loginValidator( form ) { > var query = nTerApi.session.createQuery( "from User where name = :name > and password = :password" ); > query.setString( "name", form.getWidget( "username" ).getValue() ); > query.setString( "password", form.getWidget( "password" ).getValue() > ); > > var list = query.list(); > if ( list.size() == 0 ) { > form.getWidget( "messages" ).addMessage( "Błędny użytkownik lub > hasło!" ); > return false; > } > > user = list.get( 0 ); > return true; > } > > function login() { > user = null; > loginInternal(); > cocoon.sendPage( "/nTer/view/welcome.jx", {} ); > } > > function logout() { > user = null; > cocoon.session.invalidate(); > cocoon.redirectTo( "/nTer/welcome.do", {} ); > }