You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@ofbiz.apache.org by Jonathon -- Improov <jo...@improov.com> on 2007/12/31 04:24:11 UTC

RequestHandler does callRedirect for uri "logout"

When callRedirect() is called, the response is committed. That means LoginWorker fails when trying 
to create a new session.

I understand that we can do "<@ofbizUrl secure="true">logout</...@ofbizUrl>". But that really looks 
like a workaround. Is it wrong to call "logout" in http, rather than in https? For efficiency, we 
often want only the login page in https, and the inside pages in http.

If you wanna fix this, it's in RequestHandler.java line 129.

Jonathon

Re: RequestHandler does callRedirect for uri "logout"

Posted by BJ Freeman <bj...@free-man.net>.

I believe you should look more at this for logout.
I believe the requestQueryString should by-passed if a logout, such as a
time out, is being processed.

not sure when in the backend if we want a http for inside pages.
so would have to check if the app is eccommerce type.

not sure that is a real clean way to do it. since you wold have make
code to deal clone apps of eccomerce.

Jonathon -- Improov sent the following on 12/30/2007 7:24 PM:
> When callRedirect() is called, the response is committed. That means
> LoginWorker fails when trying to create a new session.
> 
> I understand that we can do "<@ofbizUrl
> secure="true">logout</...@ofbizUrl>". But that really looks like a
> workaround. Is it wrong to call "logout" in http, rather than in https?
> For efficiency, we often want only the login page in https, and the
> inside pages in http.
> 
> If you wanna fix this, it's in RequestHandler.java line 129.
> 
> Jonathon
> 
> 
>