You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tapestry.apache.org by Brian Long <br...@gmail.com> on 2006/01/10 19:24:57 UTC
Invalidating the users session
I've recently upgraded from Tapestry 3.03 to 4.0 and have a minor
problem with the acegi security configuration I'm using. The
login/logout code used currently came from the Hispacta example on
sourceforge which worked a treat until the upgrade to tapestry 4.0.
The problem is this, in 3.0 I would get the HttpSession before logging
the current user out and invalidate it e.g.
cycle.getRequestContext().getSession().invalidate();
very straightforward, however this method "getRequestContext" is now
deprecated and so I get an error message when I log out to the effect
that I'm invalidating a session that has already been invalidated?
Question is, who, what and where is invalidating the session, if I
remove the call to the RequestContext and no longer invalidate the
session, I start getting hivemind exceptions after a couple of
logins/logouts.
So to summarise, if someone has already gone through the pain of
updating this acegi security code from Hispacta could they please
share there solution/workaround. Alternatively if someone has an
example of how to inject the HttpSession in via hivemind so that I
could invalidate "in the 4.0 way" I'd appreciate it.
/Brian.
p.s. congratulations to Howard et al. on the final release of Tapestry 4.0
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
Re: Invalidating the users session
Posted by Bryan Lewis <br...@maine.rr.com>.
I can't answer all your questions, but here's what works for me in
Tap4. I put it in my custom Page class.
@InjectObject("engine-service:restart")
public abstract IEngineService getRestartService();
/**
* This is called on explicit logout. Invalidates the HttpSession.
*/
public void endSession()
{
try {
// Note that this happens to create a fresh new visit.
IEngineService restartService = getRestartService();
restartService.service(getRequestCycle());
}
catch (Exception ex) {
// Ignore it if the session was already invalidated.
log.debug(ex.getMessage());
}
}
.
If you look at the source code for Tapestry's engine.RestartService(),
it's doing the invalidation you expect.
try
{
session.invalidate();
}
catch (IllegalStateException ex)
{
_log.warn("Exception thrown invalidating HttpSession.", ex);
// Otherwise, ignore it.
}
Brian Long wrote:
>I've recently upgraded from Tapestry 3.03 to 4.0 and have a minor
>problem with the acegi security configuration I'm using. The
>login/logout code used currently came from the Hispacta example on
>sourceforge which worked a treat until the upgrade to tapestry 4.0.
>
>The problem is this, in 3.0 I would get the HttpSession before logging
>the current user out and invalidate it e.g.
>
>cycle.getRequestContext().getSession().invalidate();
>
>very straightforward, however this method "getRequestContext" is now
>deprecated and so I get an error message when I log out to the effect
>that I'm invalidating a session that has already been invalidated?
>
>Question is, who, what and where is invalidating the session, if I
>remove the call to the RequestContext and no longer invalidate the
>session, I start getting hivemind exceptions after a couple of
>logins/logouts.
>
>So to summarise, if someone has already gone through the pain of
>updating this acegi security code from Hispacta could they please
>share there solution/workaround. Alternatively if someone has an
>example of how to inject the HttpSession in via hivemind so that I
>could invalidate "in the 4.0 way" I'd appreciate it.
>
>/Brian.
>
>p.s. congratulations to Howard et al. on the final release of Tapestry 4.0
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
RE: Invalidating the users session
Posted by Jimmi Dyson <ji...@lawton.co.uk>.
You can inject the WebRequest and get the WebSession from there:
.page/.component:
<inject object="infrastructure:request" property="webRequest"/>
.java:
WebSession session = getWebRequest().getSession(false);
-----Original Message-----
From: Brian Long [mailto:brian.long.msc@gmail.com]
Sent: 10 January 2006 18:25
To: tapestry-user@jakarta.apache.org
Subject: Invalidating the users session
I've recently upgraded from Tapestry 3.03 to 4.0 and have a minor
problem with the acegi security configuration I'm using. The
login/logout code used currently came from the Hispacta example on
sourceforge which worked a treat until the upgrade to tapestry 4.0.
The problem is this, in 3.0 I would get the HttpSession before logging
the current user out and invalidate it e.g.
cycle.getRequestContext().getSession().invalidate();
very straightforward, however this method "getRequestContext" is now
deprecated and so I get an error message when I log out to the effect
that I'm invalidating a session that has already been invalidated?
Question is, who, what and where is invalidating the session, if I
remove the call to the RequestContext and no longer invalidate the
session, I start getting hivemind exceptions after a couple of
logins/logouts.
So to summarise, if someone has already gone through the pain of
updating this acegi security code from Hispacta could they please
share there solution/workaround. Alternatively if someone has an
example of how to inject the HttpSession in via hivemind so that I
could invalidate "in the 4.0 way" I'd appreciate it.
/Brian.
p.s. congratulations to Howard et al. on the final release of Tapestry
4.0
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org