Re: Log out method is not closing the session

Tue, 23 Jun 2009 05:05:22 -0700

Depends on the app. If your start page is a login page, you should make sure it doesn't create a session, until login succeeded.
E.g. don't use WOSubmitButton, use a regular input type="submit" instead and use a directAction on the surrounding WOForm. Then you set the name on the inputs explicitly and retrieve the formValues in the directAction and handle the login. E.g.: 

public WOActionResults loginAction() {
        String userName = request().stringFormValueForKey("login");
        String password = request().stringFormValueForKey("password");

        try {

		if (ERXStringUtilities.stringIsNullOrEmpty(userName) ||  
ERXStringUtilities.stringIsNullOrEmpty(password))

                        throw new IllegalArgumentException();

                EOEditingContext ec = ERXEC.newEditingContext();

		User user = User.fetchRequiredUser(ec,  
User.LOGIN.is(userName).and(User.PASSWORD.is(password)));


                // you won't get here if there is no such user/password 
combination
                Session session = (Session) session(); // creates the session
                session.setDefaultEditingContext(ec);
                session.setUser(user);

                HomePage homePage = pageWithName(HomePage.class);
                return homePage;
        } catch (IllegalArgumentException e) {
                // user or password empty
                return handleLoginFailure(...);
        } catch (NoSuchElementException e) {
                // no such user/password combination
                return handleLoginFailure(...);
        } catch (Exception e) {
                // everything else
                return handleLoginFailure(...);
        }
}

Am 23.06.2009 um 13:05 schrieb Gustavo Adolfo Pizano:


aha.. so I should not redirect to main but another  page?

G.


On Jun 23, 2009, at 12:58 PM, Timo Hoepfner wrote:


Chances are that the session gets terminated, but your main/start  
page immediately creates a new one... Usage of certain common  
components creates a new session if there is none.


Timo


Am 23.06.2009 um 10:55 schrieb Gustavo Adolfo Pizano:


Hello.


I followed they way PWO says how to handle log out, I created a  
method Logout that it;s being called from a WOHyperLink, there I  
do the follwoing

public WOComponent logout()
{
session().terminate();
WORedirect mainPage = (WORedirect) pageWithName("WORedirect");

mainPage.setUrl(context().directActionURLForActionNamed("default",  
noWOSID));

return mainPage;
}


I get redirected to the login page, but javaMonitor shows me that  
the Session its still active.



what Im doing wrong?

G.

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      ([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/th-dev%40onlinehome.de

This email sent to [email protected]






_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      ([email protected])
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to [email protected]






















					Reply via email to