Hi Il 13/11/2014 15:24, Thiago H de Paula Figueiredo ha scritto: > On Thu, 13 Nov 2014 12:16:03 -0200, Ivano Luberti > <lube...@archicoop.it> wrote: > >> Hi all, I have a question about session handling in Tapestry5. >> I have a >> >> @SessionState >> protected User user; > > Shouldn't it be @SessionState(create = false) so user isn't > instantiated automatically and is null until you set the field? >
well in my case authentication and authorization is verified using information that are popultaed only after login, so from my point of view I had not advantage. Anyway I followed you on this. But nothing changed. >> >> that works as expected >> >> I wanted to perform some cleanup when calling a logout link: the action >> link listener is made as this: >> >> public Object onActionFromLink() { >> requestGlobals.getHTTPServletRequest().getSession().invalidate(); >> return Index.class; >> } > > You can (and should) @Inject Request. There's absolutely no reason in > the last 5 years to use RequestGlobals to get the request object. You > can also @Inject HttpServletRequest and HttpServletResponse directly > if needed. > > @Inject > private Request request; > > ... > > Session session = request.getSession(false); > if (session != null) { > session.invalidate(); > } > I have done also this but to no avail. So I try to explain what happens. I have the following class package it.archicoop.met.obliterazione.base; import it.archicoop.met.obliterazione.beans.User; import org.apache.tapestry5.annotations.Property; import org.apache.tapestry5.annotations.SessionState; import org.apache.tapestry5.ioc.annotations.Inject; public class BasePage implements IPage{ @SessionState(create=false) @Property protected User user; User is defined as this: package it.archicoop.met.obliterazione.beans; import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; public class User implements HttpSessionListener { public User() { } public void sessionCreated(HttpSessionEvent se) { System.out.println("session started "+se.getSession().getId()); } public void sessionDestroyed(HttpSessionEvent se) { System.out.println("session ended "+se.getSession().getId()); } } Then I have package it.archicoop.met.obliterazione.pages; public class Index extends BasePage { and package it.archicoop.met.obliterazione.pages; public class BarCode extends BasePage { Logout link is implemented using a component package it.archicoop.met.obliterazione.components; import it.archicoop.met.obliterazione.pages.Index; import org.apache.tapestry5.ioc.annotations.Inject; import org.apache.tapestry5.services.Request; import org.apache.tapestry5.services.Session; public class Logout { @Inject private Request request; public Object onActionFromLink() { Session session = request.getSession(false); if (session != null) { session.invalidate(); } return Index.class; } } public Object onActionFromLink() { Session session = request.getSession(false); if (session != null) { session.invalidate(); } return Index.class; } What happens startup app User constuctor called it.archicoop.met.obliterazione.beans.User@2a801059 When I call the Index page in the browser onPrepare is called session created it.archicoop.met.obliterazione.beans.User@2a801059 user field is null so constructor is called explicitly: it.archicoop.met.obliterazione.beans.User@50862b70 login form submission it.archicoop.met.obliterazione.beans.User@50862b70 Logout link BarCode is the container of the Logout component and user is null (WTF!?) after session.invalidate is called Session Destroyed it.archicoop.met.obliterazione.beans.User@2a801059 Since I redirect to Index, again onPrepare user is initially it.archicoop.met.obliterazione.beans.User@50862b70 then user null then recreated it.archicoop.met.obliterazione.beans.User@4c057cc6 SessionCreated called it.archicoop.met.obliterazione.beans.User@2a801059 So it seems that the field of type User is not persisted between different pages. And there is no relation between the user instances managed by the servlet containt via SessionListener interface and the one in the pages As I sadi before: there are other ways to centrailize session boundign and unbounding but I wanted to know if in Tapestry I can use the HTTPSessionListener inteface for object persisted in the session -- ================================================== dott. Ivano Mario Luberti Archimede Informatica societa' cooperativa a r. l. Sede Operativa Via Gereschi 36 - 56126- Pisa tel.: +39-050- 580959 tel/fax: +39-050-9711344 web: www.archicoop.it ================================================== --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org For additional commands, e-mail: users-h...@tapestry.apache.org