Re: session invalidate in tapestry

Fri, 14 Nov 2014 03:26:49 -0800 

Hi

Il 13/11/2014 15:24, Thiago H de Paula Figueiredo ha scritto:
> On Thu, 13 Nov 2014 12:16:03 -0200, Ivano Luberti
> <lube...@archicoop.it> wrote:
>
>> Hi all, I have a question about session handling in Tapestry5.
>> I have a
>>
>> @SessionState
>>     protected User user;
>
> Shouldn't it be @SessionState(create = false) so user isn't
> instantiated automatically and is null until you set the field?
>

well in my case authentication and authorization is verified using
information that are popultaed only after login, so from my point of
view I had not advantage.
Anyway I followed you  on this.
But nothing changed.

>>
>> that works as expected
>>
>> I wanted to perform some cleanup when calling a logout link: the action
>> link listener is made as this:
>>
>>     public Object onActionFromLink() {
>>        requestGlobals.getHTTPServletRequest().getSession().invalidate();
>>        return Index.class;
>>    }
>
> You can (and should) @Inject Request. There's absolutely no reason in
> the last 5 years to use RequestGlobals to get the request object. You
> can also @Inject HttpServletRequest and HttpServletResponse directly
> if needed.
>
> @Inject
> private Request request;
>
> ...
>
> Session session = request.getSession(false);
> if (session != null) {
>     session.invalidate();
> }
>

I have done also this but to no avail.
So I try to explain what happens.

I have the following class

package it.archicoop.met.obliterazione.base;

import it.archicoop.met.obliterazione.beans.User;

import org.apache.tapestry5.annotations.Property;
import org.apache.tapestry5.annotations.SessionState;
import org.apache.tapestry5.ioc.annotations.Inject;

public class BasePage implements IPage{
       
    @SessionState(create=false)
    @Property
    protected User user;


User is defined as this:

package it.archicoop.met.obliterazione.beans;

import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;


public class User implements HttpSessionListener {
   
    public  User() {
    }
   
    public void sessionCreated(HttpSessionEvent se) {
               
        System.out.println("session started "+se.getSession().getId());
       
    }


    public void sessionDestroyed(HttpSessionEvent se) {

        System.out.println("session ended "+se.getSession().getId());
    
    }
}


Then I have

package it.archicoop.met.obliterazione.pages;
public class Index extends BasePage
{

and

package it.archicoop.met.obliterazione.pages;
public class BarCode extends BasePage
{


Logout link is implemented using  a component

package it.archicoop.met.obliterazione.components;

import it.archicoop.met.obliterazione.pages.Index;

import org.apache.tapestry5.ioc.annotations.Inject;
import org.apache.tapestry5.services.Request;
import org.apache.tapestry5.services.Session;


public class Logout
{
    @Inject
    private Request request;
   
    public Object onActionFromLink() {
   
     
        Session session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
       
        return Index.class;
     
    }
   
}


public Object onActionFromLink() {
   
     
        Session session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
       
       
        return Index.class;
     
    }


What happens


startup app

User constuctor called

it.archicoop.met.obliterazione.beans.User@2a801059

When I call the Index page in the browser  onPrepare is called

session created

it.archicoop.met.obliterazione.beans.User@2a801059

user field is null so constructor is called explicitly:

it.archicoop.met.obliterazione.beans.User@50862b70

login form submission

it.archicoop.met.obliterazione.beans.User@50862b70

Logout link

BarCode is the container of the Logout component

and user is null (WTF!?)

after session.invalidate is called

Session Destroyed

it.archicoop.met.obliterazione.beans.User@2a801059

Since I redirect to Index, again

onPrepare

user is initially

it.archicoop.met.obliterazione.beans.User@50862b70

then

user null

then recreated

it.archicoop.met.obliterazione.beans.User@4c057cc6

SessionCreated called

it.archicoop.met.obliterazione.beans.User@2a801059


So it seems that the field of type User is not persisted between
different pages.
And there is no relation between the user instances managed by the
servlet containt via SessionListener interface and the one in the pages

As I sadi before: there are other ways to centrailize session boundign
and unbounding but I wanted to know if in Tapestry I can use the
HTTPSessionListener inteface for object persisted in the session




-- 
==================================================
dott. Ivano Mario Luberti
Archimede Informatica societa' cooperativa a r. l.
Sede Operativa
Via Gereschi 36 - 56126- Pisa
tel.: +39-050- 580959
tel/fax: +39-050-9711344
web: www.archicoop.it
==================================================



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org

Reply via email to