Possible zone bug with tapestry-security 0.6.0

[George Christman <gc...@cardaddy.com>]

Hi guys, I encountered the following behavior and I'm not sure if I'm doing
something incorrectly or if it's a bug.

My user session expired while leaving my page open. I later came back to
the page and clicked one of my zone links. Rightfully so, it redirected me
to the login page, however once I logged in, it tried redirecting me back
to the ajax url rather than the original page url resulting in an
exception.

Is this a bug or an improper implementation?

Re: Possible zone bug with tapestry-security 0.6.0

[Kalle Korhonen <ka...@gmail.com>]

It could be a bug or at least something that perhaps could be addressable
in the library itself. The library remembers the accessed protected url and
tries to redirect back to it, only your protected url is an ajax request.
We could perhaps ignore XHRs but it still wouldn't result in a complete
implementation. Conceivably, your page could also be unprotected but the
action request is protected so it gets a bit hairy. You can always work
around it though by returning a pre-defined success url. The open issue
https://github.com/tynamo/tapestry-security/issues/2 is related.

Kalle


On Wed, Apr 9, 2014 at 9:57 AM, George Christman <gc...@cardaddy.com>wrote:

> Hi guys, I encountered the following behavior and I'm not sure if I'm doing
> something incorrectly or if it's a bug.
>
> My user session expired while leaving my page open. I later came back to
> the page and clicked one of my zone links. Rightfully so, it redirected me
> to the login page, however once I logged in, it tried redirecting me back
> to the ajax url rather than the original page url resulting in an
> exception.
>
> Is this a bug or an improper implementation?
>