[jira] Commented: (TAP5-1176) async form submission creates a new session every time when cookies are disabled

Mon, 19 Jul 2010 04:59:22 -0700 

    [ 
https://issues.apache.org/jira/browse/TAP5-1176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12889832#action_12889832
 ] 

Christophe Cordenier commented on TAP5-1176:
--------------------------------------------

Hi

Actually all the URL created by Tapestry are passed into the 'encodeURL' method 
of HttpResponse before being rendered. So that cookie disabling should not 
affect the execution of pages.

Have you a small project that demonstrates this ?

Anyway, for security concerns, using secured cookies is still the best way to 
preserve user session id.

> async form submission creates a new session every time when cookies are 
> disabled
> --------------------------------------------------------------------------------
>
>                 Key: TAP5-1176
>                 URL: https://issues.apache.org/jira/browse/TAP5-1176
>             Project: Tapestry 5
>          Issue Type: Bug
>    Affects Versions: 5.1
>         Environment: windows, tomcat 6
>            Reporter: Paul Stanton
>
> If cookies are disabled on a server, tapestry fails to continue an existing 
> session when a form is submitted via ajax. a new session is created every 
> time the form is submitted.
> The following example works fine (session id does not change) when cookies 
> are enabled for the webapp container, but does not work (new session id every 
> submit) when cookies are disabled.
> public class Start
> {
>    private final static Logger LOG = Logger.getLogger(Start.class);
>    @Inject
>    private ComponentResources resources;
>    @Inject
>    @Property
>    private HttpServletRequest httpRequest;
>    Object onSuccessFromMyForm()
>    {
>        LOG.debug(httpRequest.getSession().getId());
>        return new MultiZoneUpdate("myZone", 
> resources.getEmbeddedComponent("myZone"));
>    }
> } 
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
> "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd"; 
> xmlns:p="tapestry:parameter">
>    <head>
>    </head>
>    <body>
>    <t:form t:id="myForm" t:zone="myZone">
>        <input type="submit" />
>    </t:form>
>    <t:zone t:id="myZone">
>        ${httpRequest.session.id}
>    </t:zone>
>    </body>
> </html> 

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to