I'm attempting to migrate some more of our code from sitemap-based action handlers to flow. Cocoon is at 2.1.8 and I'm seeing problems invalidating sessions from flow.

Essentially, we are using JavaScript flow to invoke a Java class as follows:

    var handler = Packages.org.stjude.ct.ui.login.LogoffActionHandler();
    handler.logoff( cocoon );

The LogoffAction among other things does:

    public final void logoff( FOM_Cocoon cocoon ) throws BadSessionException {
        Request request = cocoon.getRequest();
        // getSession( false ) returns the existing session without creating a new one
        Session session = request.getSession( false );
        if ( session != null ) {
            session.invalidate();
        }
        // ... remainder of the method not shown
    }

Sometime later, the same user using the same browser session will attempt to log back on to our application. This invokes flow like:

    var handler = Packages.org.stjude.ct.ui.login.ActionHandler();
    var logonOk = handler.logon( cocoon );

And this ActionHandler then gets the session with code essentially the same as the above.

If I trace the LogoffAction I see the session get marked as invalid. However, the subsequent session retrieval gets the exact same session (session id is the same) but the valid flag is now true (session is not considered invalid).

I thought at first this might be a JBoss issue, but I don't see how; I now suspect it has something to do with the way Cocoon flow wraps request and session objects.

Anyone have an idea on what might be going wrong and how to work around it? Is this a Cocoon bug?

--
Peter Hunsberger