Migration 3.9 -> 4.9: Session invalidation and redirect
Locked
Migration 3.9 -> 4.9: Session invalidation and redirect
 
|
Hi,
i'm currently trying to migrate an old OF 3.9 application (Integrated deployment) to OF 4.9 CE. In 3.9, i've used authetication in web.xml as described here: http://wiki.orbeon.com/forms/doc/developer-guide/authentication . Log-in works fine; but i don't find a way to handle log-out correctly in 4.9. If possible, i would prefer to keep the integrated deployment situation because otherwise, i would have to replace the complete logic from the pfc by another mechanism. In 3.9, i've used a page flow entry that calls a log-out xpl. In that XPL, i first called the <p:processor name="oxf:session-invalidator"/>, and afterwards, a redirect to a static html page telling the user that log-out was succesful. The logout was triggered by a xforms:submission from one of the content XForms pages. This worked perfectly fine. In 4.9, proceeding this way throws an error:
+----------------------------------------------------------------------------------------------------------------------+
|An Error has Occurred |
|----------------------------------------------------------------------------------------------------------------------|
|getAttribute: Session already invalidated |
|----------------------------------------------------------------------------------------------------------------------|
|Application Call Stack |
|----------------------------------------------------------------------------------------------------------------------|
|https://localhost:8443/dokdb/logout | | |
|oxf:/ops/pfc/xforms-xml-submission.xpl |executing processor | 50|
|······················································································································|
|element=<p:processor name="oxf:pipeline">[...]</p:processor> |
|name ={http://www.orbeon.com/oxf/processors}pipeline |
|----------------------------------------------------------------------------------------------------------------------|
|oxf:/ops/xforms/xforms-server-submit.xpl |executing processor | 70|
|······················································································································|
|element=<p:processor name="oxf:xforms-server">[...]</p:processor> |
|name ={http://www.orbeon.com/oxf/processors}xforms-server |
|----------------------------------------------------------------------------------------------------------------------|
|----------------------------------------------------------------------------------------------------------------------|
|Exception: java.lang.IllegalStateException |
|----------------------------------------------------------------------------------------------------------------------|
|org.apache.catalina.session.StandardSession |getAttribute |StandardSession.java |1204|
|org.apache.catalina.session.StandardSessionFacade |getAttribute |StandardSessionFacade.java | 108|
|rg.orbeon.oxf.pipeline.InitUtils$SessionMap$$anon$1|getAttribute |InitUtils.scala | 239|
|org.orbeon.oxf.util.AttributesToMap |put |AttributesToMap.java | 37|
|org.orbeon.oxf.util.AttributesToMap |put |AttributesToMap.java | 21|
|tionState$$anonfun$saveHttpState$1$$anonfun$apply$4|apply |Connection.scala | 246|
|tionState$$anonfun$saveHttpState$1$$anonfun$apply$4|apply |Connection.scala | 246|
|scala.Option |foreach |Option.scala | 236|
|n.oxf.util.ConnectionState$$anonfun$saveHttpState$1|apply |Connection.scala | 245|
|n.oxf.util.ConnectionState$$anonfun$saveHttpState$1|apply |Connection.scala | 244|
|scala.Option |foreach |Option.scala | 236|
|org.orbeon.oxf.util.ConnectionState$class |saveHttpState |Connection.scala | 244|
|org.orbeon.oxf.util.Connection |saveHttpState |Connection.scala | 51|
|org.orbeon.oxf.util.Connection |connect |Connection.scala | 207|
|----------------------------------------------------------------------------------------------------------------------|
In the logs, i see there's an additional request after processing the /logout request; the additional request points to the last page the user called before triggering the log-out:
2015-07-03 15:36:06,443 http-nio-8443-exec-22 DEBUG processor.XFormsServer - start submission second pass {id: "logout-submission"}
2015-07-03 15:36:06,449 http-nio-8443-exec-22 DEBUG processor.XFormsServer - checking whether local portlet submission is allowed {resource: "/logout", container type: "servlet", deployment type: "standalone"}
2015-07-03 15:36:06,455 http-nio-8443-exec-22 DEBUG processor.XFormsServer - skipping local portlet submission {reason: "container type is not portlet"}
2015-07-03 15:36:06,455 http-nio-8443-exec-22 DEBUG processor.XFormsServer - checking whether request dispatcher submission is allowed {resource: "/logout", noscript: "false", is asynchronous: "false", container type: "servlet", norewrite: "false", local-submission-forward: "true", local-submission-include: "false"}
2015-07-03 15:36:06,456 http-nio-8443-exec-22 DEBUG processor.XFormsServer - skipping request dispatcher servlet submission {reason: "deployment type is not separate"}
2015-07-03 15:36:06,456 http-nio-8443-exec-22 DEBUG processor.XFormsServer - start connecting {type: "regular"}
2015-07-03 15:36:06,467 http-nio-8443-exec-22 DEBUG processor.XFormsServer - loaded HTTP state {scope: "session"}
2015-07-03 15:36:06,467 http-nio-8443-exec-22 DEBUG processor.XFormsServer - end connecting {time (ms): "11"}
2015-07-03 15:36:06,467 http-nio-8443-exec-22 DEBUG processor.XFormsServer - end submission second pass {time (ms): "24"}
2015-07-03 15:36:06,506 http-nio-8443-exec-22 DEBUG processor.XFormsServer - state manager - Document is dirty. Generating new dynamic state.
2015-07-03 15:36:06,506 http-nio-8443-exec-22 DEBUG processor.XFormsServer - state manager - Keeping document in cache.
2015-07-03 15:36:06,507 http-nio-8443-exec-22 DEBUG processor.XFormsServer - start opening connection
2015-07-03 15:36:06,513 http-nio-8443-exec-22 INFO webapp.ProcessorService - /logout - Received request
2015-07-03 15:36:06,587 http-nio-8443-exec-22 INFO webapp.ProcessorService - Session listener - Session destroyed.
2015-07-03 15:36:06,590 http-nio-8443-exec-22 INFO webapp.ProcessorService - /logout - Timing: 77
2015-07-03 15:36:06,591 http-nio-8443-exec-22 DEBUG processor.XFormsServer - opening URL connection {method: "POST", URL: "https://localhost:8443/dokdb/logout", User-Agent: "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0", Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", Content-Type: "application/xml", Orbeon-Token: "da9dc29f63efd83e95bf15a4669711290196c946"}
2015-07-03 15:36:06,592 http-nio-8443-exec-22 DEBUG processor.XFormsServer - response {status code: "200"}
2015-07-03 15:36:06,593 http-nio-8443-exec-22 DEBUG processor.XFormsServer - response has no content
2015-07-03 15:36:06,593 http-nio-8443-exec-22 DEBUG processor.XFormsServer - end opening connection {time (ms): "86"}
2015-07-03 15:36:06,614 http-nio-8443-exec-22 ERROR controller.PageFlowControllerProcessor - error caught {controller: "oxf:/page-flow.xml", method: "POST", path: "/bereiche"}
2015-07-03 15:36:06,701 http-nio-8443-exec-22 ERROR controller.PageFlowControllerProcessor -
+----------------------------------------------------------------------------------------------------------------------+
|An Error has Occurred |
|----------------------------------------------------------------------------------------------------------------------|
|getAttribute: Session already invalidated |
....
"/bereiche" if the XForms with the Logout trigger, originating the logout submission; "/logout" is the logout action. I suppose it's a matter of state handling - maybe the XForms engine, after invalidating the session, still tries to do something with the last document in use before the logout submission. So, my question is: how do i issue a redirect after invalidation the session? Is there an example how to use the oxf:session-invalidator correctly? Thanks in advance! fs |
Re: Migration 3.9 -> 4.9: Session invalidation and redirect
Administrator
|
Hi Florian, At some point the server started checking that when it gets a request, it is "attached" to the correct session. So I'm not completely surprised that you could have a problem in this case. Here is what I'd suggest: instead of in XForms running a submission that runs XPL invalidating the session and then loading a "logged out" page, what about in XForms you just load that page, and in the page-flow.xml, for that page, in the <page model="..."> you run the XPL that invalidates the session? Would something like that work for you? Alex On Fri, Jul 3, 2015 at 6:47 AM, fl.schmitt(ops-users) <[hidden email]> wrote: Hi, You received this message because you are subscribed to the Google Groups "Orbeon Forms" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To post to this group, send email to [hidden email].
--
Follow Orbeon on Twitter: @orbeon Follow me on Twitter: @avernet |
Re: Migration 3.9 -> 4.9: Session invalidation and redirect
|
|
Hi Alex,
thanks a lot for your help - your solution works perfectly nice  ! I've replaced the xf:submission by a simple xf:trigger/xf:load to call the logout XPL. Now, invalidating the session and redirecting the user to a static page works fine.
Florian |
Re: Migration 3.9 -> 4.9: Session invalidation and redirect
|
Administrator
|
Hi Florian, Excellent, I am very glad it's working, and thank you for the update. Alex On Mon, Jul 6, 2015 at 12:10 AM, fl.schmitt(ops-users) <[hidden email]> wrote: Hi Alex, You received this message because you are subscribed to the Google Groups "Orbeon Forms" group. To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email]. To post to this group, send email to [hidden email].
--
Follow Orbeon on Twitter: @orbeon Follow me on Twitter: @avernet |
«
Return to Orbeon Forms community mailing list
|
1 view|%1 views
| Free forum by Nabble | Edit this page |