Session Expiration. UnauthorizedComponentInstantiationException. PageExpiredException. IllegalStateException. Ajax and Bookmarkable links.

2008-02-04 Thread Matt Smith 
A co-worker and I are looking into how to provide a consistent
handling of session expiration with an AuthenticatedWebApplication.

If a session expires, ideally, we'd like to provide a consistent
behavior of redirecting to a login page with a helpful message (i.e. -
Your session expired, please re-login), re-authenticate, and then
proceed to the original request regardless of what type of request is
made of the server.

Examples of the scenarios we'd like to handle consistently are:
1.   User logs in.  Session expires, then user clicks a wicket
generated Page link.
2.   User logs in.  Session expires, then user clicks the back button
in the browser and then clicks on a wicket generated component link.
3.   User logs in.  User performs an action which results in them
being redirected to a bookmarkable page.  The session expires, then
user submits a form
4.   User logs in.  User performs an action which results in them
being redirected to a bookmarkable page.  The session expires, then
user clicks a wicket generated link on the current page.
5.   User logs in.  User performs an action which results in them
being redirected to a bookmarkable page.  The session expires, then
user triggers an AJAX request of the server.
6.   User logs in.  The session expires.  User then triggers an AJAX
request of the server.
7.   User logs in.  The session expires, then user gets redirected to
login page (thus creating a new session).   User then clicks back and
clicks on a wicket generated link, gets redirected to a login page,
clicks back, clicks a wicket generated link.

The examples above seem to cause various behaviors in:
#1.  The Web app's UnauthorizedComponentInstantiation listener is
fired and given the page the user was on as an argument (thus
redirecting them directly to the page without a message).
#2 throws an UnauthorizedComponentInstantiationException
#3 throws a PageExpiredException
#4 throws a PageExpiredException
#5 throws a PageExpiredException
#6 throws an IllegalStateException (unmatched key/value pairs).
#7  A WicketRuntimeException exception is thrown (component not found
in page)(because the page id in the link is referring to a different
page in the current/new session than the page it referred to in the
old session).  It seems that using nextnumber id's (starting at 0)
allows for potential overlap in id's between a new session and an old
session.

We are able to handle PageExpiredException consistently by overriding
onRuntimeException() in our own custom RequestCycle.

Is there a way we can specify some consistent behavior for the other scenarios?

- Matt
http://netsmith.blogspot.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Javascript/CSS being cached by the browser even when it has changed. Should setAddLastModifiedTimeToResourceReferenceUrl(true) be the default?

2008-01-16 Thread Matt Smith 
Hello I've been using wicket for almost a year.  I recently ran into the
common web problem of the browser being overly aggressive on caching
javascript files.   This is commonly solved by adding a query parm which
changes based on the contents of the js file (checksum, time-stamp, etc).

After some searching (through forums, documentation, and wiki), I found the
following mailing list thread which alluded to the feature being done:
http://www.nabble.com/Wicket-2%2C-modal-window%2C-ListChoice%2C-auto-completion-to6352037.html#a6386238

It took some debugging through the wicket source, but I found the following
setting which can be flipped to enable this behavior (adding a lastmodified
url parm):

getResourceSettings().setAddLastModifiedTimeToResourceReferenceUrl(true);

The reason I'm posting this message is so that anyone else encountering a
similar problem might have a better search result that shows the solution.
Since I've been using wicket for some time, maybe I should have known to
look in all the settings interfaces?  However this doesn't seem like
something you would want to turn off.

Could you (wicket-committers) consider changing this to the default behavior
since browsers have a common problem of caching those files too
aggressively?   Using the lastmodifiedTime is a good approach to forcing the
browser to refresh only when appropriate.   I think it's much better than
the current default of allowing for the browser to behave strangely when the
resource has changed on the server and requiring the user to manually clear
their browser cache.

Thanks,
   Matt - http://netsmith.blogspot.com

Re: Javascript/CSS being cached by the browser even when it has changed. Should setAddLastModifiedTimeToResourceReferenceUrl(true) be the default?

2008-01-16 Thread Matt Smith 
Matej,

A parameter on the url seems like a small price to pay to guarantee that the
client has the correct version of the resource (IMHO).  There are other
frameworks which do similar things by default. Is the only reason not to do
it that the url looks a little less clean?

- Matt

p.s. - The grid components look nice! (http://www.inmethod.com/)

On Jan 16, 2008 10:34 AM, Matej Knopp [EMAIL PROTECTED] wrote:

 I think this would be a reasonable default behavior. Problem is that
 it adds another parameter to resource URL, I wasn't sure that people
 wouldn't mind, so I better left it disabled by default.

 -Matej