Posted to users@tapestry.apache.org by Tomáš Drenčák <to...@gmail.com> on 2005/09/01 07:42:07 UTC

Re: Back Button + Form Submission + new Session

Maybe I'm wrong, but the session id is stored through cookies on the client
side. When you invalidate the session, this cookie probably lasts and, with
the back button, is posted back as a valid session id...

2005/8/31, LOCHART,DOUGLAS E <do...@cablespeed.com>:
> Can someone please explain to me what is going on or what
> I have to do to prevent the following from happening.
> 
> A user is using the system and performs a log out.  They
> are redirected to the Home Page.  A new Session is
> created.  The user then hits the back button to a
> previously accessed form and clicks on submit.
> 
> The form is stateful.  Even though this form (page) was
> rendered within another session id the request goes in
> under the new session so the resulting DirectService call
> to service does not throw a StaleSessionException as the
> session is not new.
> 
> The result is an exception.
> 
> I have read a majority of TIA and scoured this mailing
> list but never have I seen mention of this problem nor any
> pattern / best practice to avoid this.
> 
> Am I doing something fundamentally wrong?  Do I need to
> encode the sessionid manually as a hidden parameter into
> each page and then validate them?
> 
> For some reason I assumed that form submissions would
> contain enough information to distinguish between
> sessions.
> 
> I pray there is an easy "Tapestry" solution (like
> overriding a service/engine or whatnot)
> 
> Can anybody out here shed some light on this before I
> start adding the session id to all of my forms?  Maybe it's
> not a bad idea anyway but still I would like to know what
> is going on.
> 
> Thanks again
> 
> Doug
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
> 
>
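
Added example, not part of the original thread and not Tapestry code: one way to implement the "hidden parameter per form" check Doug describes, using a random per-session token instead of the session id itself so the id never appears in page source. The class name, the attribute name and the Map standing in for the HttpSession attribute store are assumptions made so the sketch runs on a plain JDK.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Hypothetical helper, not a Tapestry API. A Map stands in for the
// HttpSession attribute store so the example runs without a container.
public class FormSessionToken {
    static final String ATTR = "formToken"; // assumed attribute name
    private static final SecureRandom RNG = new SecureRandom();

    // On render: create one random token per session and reuse it for
    // every form rendered in that session (value of the hidden field).
    static String tokenFor(Map<String, Object> session) {
        return (String) session.computeIfAbsent(ATTR, k -> {
            byte[] raw = new byte[32];
            RNG.nextBytes(raw);
            return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        });
    }

    // On submit, before the form listener runs: the hidden field must match
    // the token of the session the request actually arrived under.
    static boolean isFromThisSession(Map<String, Object> session, String submitted) {
        Object expected = (session == null) ? null : session.get(ATTR);
        if (expected == null || submitted == null) {
            return false; // no session, or form carried no token
        }
        // Constant-time comparison of the two token strings.
        return MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> oldSession = new HashMap<>(); // session before logout
        String hidden = tokenFor(oldSession);             // rendered into the form
        System.out.println("same session accepted: "
                + isFromThisSession(oldSession, hidden));

        Map<String, Object> newSession = new HashMap<>(); // created after logout
        tokenFor(newSession);                             // home page rendered
        // Back button: the old form is submitted under the new session.
        System.out.println("stale form accepted:   "
                + isFromThisSession(newSession, hidden));
    }
}
```

In a servlet application the same two calls would read and write the token through the session's attributes, and a failed check would be handled like a stale session (redirect to the home or login page) rather than reaching the form's listener.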
