You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@myfaces.apache.org by "Christian Beikov (JIRA)" <de...@myfaces.apache.org> on 2012/08/28 22:27:07 UTC

[jira] [Created] (EXTCDI-299) Session Cookie Configuration with Secure on non secure URL results in forever redirect loop

Christian Beikov created EXTCDI-299:
---------------------------------------

             Summary: Session Cookie Configuration with Secure on non secure URL results in forever redirect loop
                 Key: EXTCDI-299
                 URL: https://issues.apache.org/jira/browse/EXTCDI-299
             Project: MyFaces CODI
          Issue Type: Bug
          Components: JEE-JSF20-Module
    Affects Versions: 1.0.5
         Environment: Windows 7, JBoss AS 7.1.0.Final
            Reporter: Christian Beikov


This occurs, because the session cookie of the webapp is configured to be secure, but if you don't access the application via https you get redirected forever.
The reason for that is of course, that no session is available at the server side when the redirected request arrives at the server side.
The only solution to that is, to supply a specialized WindowContextConfig#isUrlParameterSupported that returns false, but that results in ViewExpiredException on Postback.

In my opinion CODI should somehow forward to an error page or so when this kind of configuration happens or don't redirect to use window ids at all.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira