Re: Keeping the session alive pattern?
I had no idea he was already using tapestry-security until you mentioned it. I thought my comments were clear that the security frameworks have solved this problem, I guess I was not. -- View this message in context: http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771p5719861.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Keeping the session alive pattern?
Then I must not be understanding. Why would you introduce a home-grown filter when tapestry-security would do the job for you? On Feb 7, 2013, at 2:45 AM, Lance Java wrote: > I wasn't suggesting to include spring security in his project. I was > suggesting that an example of the filter I had suggested earlier could be in > most, if not all, tapestry security frameworks. For example, if you download > the tapestry-spring-security and search for "spring-security.loginform.url" > it should lead you to such a filter. > > > > -- > View this message in context: > http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771p5719836.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Keeping the session alive pattern?
I wasn't suggesting to include spring security in his project. I was suggesting that an example of the filter I had suggested earlier could be in most, if not all, tapestry security frameworks. For example, if you download the tapestry-spring-security and search for "spring-security.loginform.url" it should lead you to such a filter. -- View this message in context: http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771p5719836.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Keeping the session alive pattern?
If you can do with activation context - then look no further.. I guess though what you're requesting is user data/login persistence. We have been quite happy with storing user 'tokens' in cookies - and transparently logging in users (put in session) prior to any page or component activity. We have used a Dispatcher to do the 'cookielogin'. We have also used a custom tapestry security(shiro) implementation of CookieRememberMeManager to handle session cookies (but may have native support by now). --magnus On Wed, Feb 6, 2013 at 6:29 PM, Lenny Primak wrote: > I wouldn't recommend using spring security. I believe you are using > tapestry-security already and it works wonderfully. > > On Feb 6, 2013, at 9:16 AM, sommeralex wrote: > > > thx! > > > > > > > > -- > > View this message in context: > http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771p5719812.html > > Sent from the Tapestry - User mailing list archive at Nabble.com. > > > > - > > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > > For additional commands, e-mail: users-h...@tapestry.apache.org > > > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > >
Re: Keeping the session alive pattern?
I wouldn't recommend using spring security. I believe you are using tapestry-security already and it works wonderfully. On Feb 6, 2013, at 9:16 AM, sommeralex wrote: > thx! > > > > -- > View this message in context: > http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771p5719812.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Keeping the session alive pattern?
thx! -- View this message in context: http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771p5719812.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Keeping the session alive pattern?
>From what I can see, the flowlogix library seems to be a clientside (javascript poll) based solution. For a serverside based solution, you might want to look at one of the security frameworks. For instance tapestry-spring-security [1] has the following configuration symbol: spring-security.loginform.url - Url redirected to when trying to use a secured class and/or method. Defaults to "/loginpage". [1] http://www.localhost.nu/java/tapestry-spring-security/conf.html#Configuration -- View this message in context: http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771p5719801.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Re: Keeping the session alive pattern?
lance, ipramak, thank you for the answers / helpful! 2013/2/5 lprimak [via Tapestry] > The FlowLogix library ( http://code.google.com/p/flowlogix/ ) has > components to deal with the session timeout issues and Ajax. > > Take a look at these in particular: > > http://code.google.com/p/flowlogix/wiki/TLAJAXAnnotation > http://code.google.com/p/flowlogix/wiki/TLSessionMonitor > > > On Feb 5, 2013, at 6:28 AM, sommeralex <[hidden > email]<http://user/SendEmail.jtp?type=node&node=5719786&i=0>> > wrote: > > > Hello! > > > > Is there a good "best practise" in tapestry/ (or webframeworks at all) > for > > keeping a session for a page alive OR handling session timeouts? Is > keeping > > a session alive an anti-pattern? > > > > I have two pages where some errors occur, if the user wants to do > something > > but the session is over. Both pages use javascript and have a callback > to > > the tapestry page via ajax. > > > > e.g. user wants to slide a slider, on slide end: > > new Ajax.Request(urlSetGroupPositionAndSize, { onSuccess: updatePage, > > parameters: 'lat='+ lat + '&lng=' + lon + '&scopeRadius=' + > > Math.floor(scopeRadius)}); > > > > but, if the session is over, i get various javascript/tapestry errors on > top > > of my page - I cant copy them because the error message appears "behind" > my > > page and it disappears after some seconds. But i could make a > screenshot: > > > > http://www.learnclip.com/tapestry/bugs/timeout.png > > > > > > what i have found so far: > > > > > http://mail-archives.apache.org/mod_mbox/tapestry-users/200504.mbox/%3C20050407181906.GA9459@...%3E<http://mail-archives.apache.org/mod_mbox/tapestry-users/200504.mbox/%3c20050407181906.ga9...@jetpen.com%3E> > > > > which mentions to use httpSession.setMaxInactiveInterval or > > http://comments.gmane.org/gmane.comp.java.tapestry.user/55982 > > > > which says there could be a trick to set the timeout to 0 / which is not > > recommended or to use javascript with a period updater / which is also > not > > recommended. > > > > *so, keeping the session alive is not the way*. right? > > > > BUT > > > > then I would need a "service", which is checking the session validity. > > ( > http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/Session.html#isInvalidated()) > > > > > *would it be enough/ok to make JUST this on my java method* (which is > called > > from Javascript)? > > > > public void onSetGroupPosAndSize(){ > > > > if (session.isInvalidated(){ > > > > //return LoginPage.class; > > > > }else { > > > > //go on > > > > } > > > > > > > > > > > > > > } > > > > > > > > > > > > > > > > > > -- > > View this message in context: > http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771.html > > Sent from the Tapestry - User mailing list archive at Nabble.com. > > > > - > > To unsubscribe, e-mail: [hidden > > email]<http://user/SendEmail.jtp?type=node&node=5719786&i=1> > > For additional commands, e-mail: [hidden > > email]<http://user/SendEmail.jtp?type=node&node=5719786&i=2> > > > > > -- > If you reply to this email, your message will be added to the discussion > below: > > http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771p5719786.html > To unsubscribe from Keeping the session alive pattern?, click > here<http://tapestry.1045711.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5719771&code=YWxleGFuZGVyLnNvbW1lckBnbWFpbC5jb218NTcxOTc3MXwxMDUzMzQxMzM4> > . > NAML<http://tapestry.1045711.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> > -- View this message in context: http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771p5719788.html Sent from the Tapestry - User mailing list archive at Nabble.com.
Re: Keeping the session alive pattern?
The FlowLogix library ( http://code.google.com/p/flowlogix/ ) has components to deal with the session timeout issues and Ajax. Take a look at these in particular: http://code.google.com/p/flowlogix/wiki/TLAJAXAnnotation http://code.google.com/p/flowlogix/wiki/TLSessionMonitor On Feb 5, 2013, at 6:28 AM, sommeralex wrote: > Hello! > > Is there a good "best practise" in tapestry/ (or webframeworks at all) for > keeping a session for a page alive OR handling session timeouts? Is keeping > a session alive an anti-pattern? > > I have two pages where some errors occur, if the user wants to do something > but the session is over. Both pages use javascript and have a callback to > the tapestry page via ajax. > > e.g. user wants to slide a slider, on slide end: > new Ajax.Request(urlSetGroupPositionAndSize, { onSuccess: updatePage, > parameters: 'lat='+ lat + '&lng=' + lon + '&scopeRadius=' + > Math.floor(scopeRadius)}); > > but, if the session is over, i get various javascript/tapestry errors on top > of my page - I cant copy them because the error message appears "behind" my > page and it disappears after some seconds. But i could make a screenshot: > > http://www.learnclip.com/tapestry/bugs/timeout.png > > > what i have found so far: > > http://mail-archives.apache.org/mod_mbox/tapestry-users/200504.mbox/%3c20050407181906.ga9...@jetpen.com%3E > > which mentions to use httpSession.setMaxInactiveInterval or > http://comments.gmane.org/gmane.comp.java.tapestry.user/55982 > > which says there could be a trick to set the timeout to 0 / which is not > recommended or to use javascript with a period updater / which is also not > recommended. > > *so, keeping the session alive is not the way*. right? > > BUT > > then I would need a "service", which is checking the session validity. > (http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/Session.html#isInvalidated()) > > *would it be enough/ok to make JUST this on my java method* (which is called > from Javascript)? > > public void onSetGroupPosAndSize(){ > > if (session.isInvalidated(){ > > //return LoginPage.class; > > }else { > > //go on > > } > > > > > > > } > > > > > > > > > -- > View this message in context: > http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771.html > Sent from the Tapestry - User mailing list archive at Nabble.com. > > - > To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org > For additional commands, e-mail: users-h...@tapestry.apache.org >
Re: Keeping the session alive pattern?
You could develop a new page annotation (@RequiresSession) that you could mark your pages with. Then you could contribute a ComponentRequestFilter which makes sure that a valid session is available for all pages marked with @RequiresSession. For normal (non-ajax) requests, the filter causes a redirect to your login page. For ajax requests, the filter causes some javascript to fire which sets window.location to your login page. -- View this message in context: http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771p5719785.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org
Keeping the session alive pattern?
Hello! Is there a good "best practise" in tapestry/ (or webframeworks at all) for keeping a session for a page alive OR handling session timeouts? Is keeping a session alive an anti-pattern? I have two pages where some errors occur, if the user wants to do something but the session is over. Both pages use javascript and have a callback to the tapestry page via ajax. e.g. user wants to slide a slider, on slide end: new Ajax.Request(urlSetGroupPositionAndSize, { onSuccess: updatePage, parameters: 'lat='+ lat + '&lng=' + lon + '&scopeRadius=' + Math.floor(scopeRadius)}); but, if the session is over, i get various javascript/tapestry errors on top of my page - I cant copy them because the error message appears "behind" my page and it disappears after some seconds. But i could make a screenshot: http://www.learnclip.com/tapestry/bugs/timeout.png what i have found so far: http://mail-archives.apache.org/mod_mbox/tapestry-users/200504.mbox/%3c20050407181906.ga9...@jetpen.com%3E which mentions to use httpSession.setMaxInactiveInterval or http://comments.gmane.org/gmane.comp.java.tapestry.user/55982 which says there could be a trick to set the timeout to 0 / which is not recommended or to use javascript with a period updater / which is also not recommended. *so, keeping the session alive is not the way*. right? BUT then I would need a "service", which is checking the session validity. (http://tapestry.apache.org/current/apidocs/org/apache/tapestry5/services/Session.html#isInvalidated()) *would it be enough/ok to make JUST this on my java method* (which is called from Javascript)? public void onSetGroupPosAndSize(){ if (session.isInvalidated(){ //return LoginPage.class; }else { //go on } } -- View this message in context: http://tapestry.1045711.n5.nabble.com/Keeping-the-session-alive-pattern-tp5719771.html Sent from the Tapestry - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org