You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tapestry.apache.org by Michal Prinke <bo...@icpnet.pl> on 2004/10/05 11:35:32 UTC

I have to log in twice(!)

Hello,

I've written some medium-sized Tapestry/Hibernate project
and deployed it to Apache Tomcat/Oracle.

It works OK, but there's a little problem - I have to log in twice(!)...

1. For the first time, I enter the correct login & password.
2. The first page that requires authentication (WelcomePage) shows.
3. No matter what link on the WelcomePage I click, it brings
the login screen again.
4. I enter the correct login & password for the second time.
5. WelcomePage shows, and from now on, everything works perfectly.

What's wrong? How to correct this? Logging in twice is a bit annoying...



Some useful information:

1.
When the WelcomePage is displayed for the first time, @ExternalLinks look like:
http://localhost/MyTapestryProject/app;jsessionid=FDA22EE6029A8D75CDD94E7E10A86C5D?service=external/SomePage&sp=l14299

And for the second time:
http://localhost/MyTapestryProject/app?service=external/SomePage&sp=l14299

2.
The @Form component on the LoginForm has stateful="false".
It's because session timeout is set to 10 minutes, and if user opened
the form, stayed idle for half an hour and then tried to log in,
he would got "session timed out" message.

3. LoginForm.html (simplified):

   <html>
     <body>
       <form jwcid="@Form" listener="ognl:listeners.login" stateful="false">
         <input type="text" jwcid="@TextField" value="ognl:userName"/>
         <input type="password" jwcid="@TextField" value="ognl:password"/>
       </form>
     </body>
   </html>

4. LoginForm.java (simplified):

   public abstract class LoginForm extends BasePage
   {
     public void login(IRequestCycle cycle) throws Exception
     {
       try
       {
         // check if login/password is valid, put the user object into Visit
         getMyVisit().setLoggedUser(
           UserAuthenticator.get(getUserName(), getPassword()));

         // switch to welcome page (which requires authentication)
         cycle.activate("WelcomePage");
       }
       catch (UserAuthenticationFailed u)
       {
         setMessage("Bad login/password!");
         setUserName("");
         setPassword("");
         getMyVisit().setLoggedUser(null);
       }
     }
   }


---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org

Re: Logging in twice: I've found the cause...

Posted by Marius Siegas <in...@gmail.com>.

I use server IP and have no problems with that somehow... (works with
Tomcat4, Tomcat5 and Jetty5)


On Wed, 06 Oct 2004 16:02:12 +0200, Michal Prinke <bo...@icpnet.pl> wrote:
> Installing the newest Apache Tomcat (5.0.28) did not help.
> 
> Fortunately, I've managed to find the cause of "logging in twice" problem...
> it happens only when I'm using server's IP number in URL
> (like http://10.20.30.40/MyTapestryProject/app).
> 
> The solution is to use full domain name, like
> http://myserver/MyTapestryProject/app. In this case, every URL generated
> by Tapestry contains the "jsessionid=" part, but it's not a problem.
> 
> Strange...
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org

Logging in twice: I've found the cause...

Posted by Michal Prinke <bo...@icpnet.pl>.

Installing the newest Apache Tomcat (5.0.28) did not help.

Fortunately, I've managed to find the cause of "logging in twice" problem...
it happens only when I'm using server's IP number in URL
(like http://10.20.30.40/MyTapestryProject/app).

The solution is to use full domain name, like
http://myserver/MyTapestryProject/app. In this case, every URL generated
by Tapestry contains the "jsessionid=" part, but it's not a problem.

Strange...

---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org

Re: Do you think that error was in Tapestry or in Tomcat?

Posted by The Chris Method <th...@gmail.com>.

You know, I really can't say.  I doubt it was Tapestry.  All I know is
that your problem was similar to mine, mine was solved by upgrading
Tomcat, and I never had enough time to actually investigate what was
going on.


On Tue, 05 Oct 2004 16:46:31 +0200, Michal Prinke <bo...@icpnet.pl> wrote:
> Do you think that error was in Tapestry or in Tomcat?
> I'll try to upgrade Tomcat to the newest version and I'll see if it helps.
> Thank you!
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org

Do you think that error was in Tapestry or in Tomcat?

Posted by Michal Prinke <bo...@icpnet.pl>.

Do you think that error was in Tapestry or in Tomcat?
I'll try to upgrade Tomcat to the newest version and I'll see if it helps.
Thank you!

---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org

Re: I have to log in twice(!)

Posted by The Chris Method <th...@gmail.com>.

This isn't going to be the most helpful reply, but I can tell you a
similar experience that I had.  I wrote a personal blogging program
using tapestry/hibernate and c3p0 as the connection provider
(hopefully you're not using Hibernate's default connection provider;
they recommend that you never use it in production).  It was deployed
to Tomcat 4.1.18 or .28 or something.  I always had that problem. 
When the app sat overnight, I'd always have to log in twice and the
URLs seemed similar.  After a while I took the app down to fix the
Tapestry AssetService security hole.  When I went to put it back up,
my server was running Tomcat 5.  I deployed and the problem was gone.

So this isn't really helpful because I didn't identify a problem and
then fix it, it just so happened that it miraculously went away.


On Tue, 05 Oct 2004 11:35:32 +0200, Michal Prinke <bo...@icpnet.pl> wrote:
> Hello,
> 
> I've written some medium-sized Tapestry/Hibernate project
> and deployed it to Apache Tomcat/Oracle.
> 
> It works OK, but there's a little problem - I have to log in twice(!)...
> 
> 1. For the first time, I enter the correct login & password.
> 2. The first page that requires authentication (WelcomePage) shows.
> 3. No matter what link on the WelcomePage I click, it brings
> the login screen again.
> 4. I enter the correct login & password for the second time.
> 5. WelcomePage shows, and from now on, everything works perfectly.
> 
> What's wrong? How to correct this? Logging in twice is a bit annoying...
> 
> Some useful information:
> 
> 1.
> When the WelcomePage is displayed for the first time, @ExternalLinks look like:
> http://localhost/MyTapestryProject/app;jsessionid=FDA22EE6029A8D75CDD94E7E10A86C5D?service=external/SomePage&sp=l14299
> 
> And for the second time:
> http://localhost/MyTapestryProject/app?service=external/SomePage&sp=l14299
> 
> 2.
> The @Form component on the LoginForm has stateful="false".
> It's because session timeout is set to 10 minutes, and if user opened
> the form, stayed idle for half an hour and then tried to log in,
> he would got "session timed out" message.
> 
> 3. LoginForm.html (simplified):
> 
>    <html>
>      <body>
>        <form jwcid="@Form" listener="ognl:listeners.login" stateful="false">
>          <input type="text" jwcid="@TextField" value="ognl:userName"/>
>          <input type="password" jwcid="@TextField" value="ognl:password"/>
>        </form>
>      </body>
>    </html>
> 
> 4. LoginForm.java (simplified):
> 
>    public abstract class LoginForm extends BasePage
>    {
>      public void login(IRequestCycle cycle) throws Exception
>      {
>        try
>        {
>          // check if login/password is valid, put the user object into Visit
>          getMyVisit().setLoggedUser(
>            UserAuthenticator.get(getUserName(), getPassword()));
> 
>          // switch to welcome page (which requires authentication)
>          cycle.activate("WelcomePage");
>        }
>        catch (UserAuthenticationFailed u)
>        {
>          setMessage("Bad login/password!");
>          setUserName("");
>          setPassword("");
>          getMyVisit().setLoggedUser(null);
>        }
>      }
>    }
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tapestry-user-help@jakarta.apache.org
> 
>

---------------------------------------------------------------------
To unsubscribe, e-mail: tapestry-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tapestry-user-help@jakarta.apache.org