You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@myfaces.apache.org by "Christian Beikov (JIRA)" <de...@myfaces.apache.org> on 2012/08/28 22:27:07 UTC
[jira] [Created] (EXTCDI-299) Session Cookie Configuration with
Secure on non secure URL results in forever redirect loop
Christian Beikov created EXTCDI-299:
---------------------------------------
Summary: Session Cookie Configuration with Secure on non secure URL results in forever redirect loop
Key: EXTCDI-299
URL: https://issues.apache.org/jira/browse/EXTCDI-299
Project: MyFaces CODI
Issue Type: Bug
Components: JEE-JSF20-Module
Affects Versions: 1.0.5
Environment: Windows 7, JBoss AS 7.1.0.Final
Reporter: Christian Beikov
This occurs, because the session cookie of the webapp is configured to be secure, but if you don't access the application via https you get redirected forever.
The reason for that is of course, that no session is available at the server side when the redirected request arrives at the server side.
The only solution to that is, to supply a specialized WindowContextConfig#isUrlParameterSupported that returns false, but that results in ViewExpiredException on Postback.
In my opinion CODI should somehow forward to an error page or so when this kind of configuration happens or don't redirect to use window ids at all.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira