You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tapestry.apache.org by "Paul Stanton (JIRA)" <de...@tapestry.apache.org> on 2010/05/31 08:05:36 UTC
[jira] Created: (TAPESTRY-2765) async form submission creates a new
session every time when cookies are disabled
async form submission creates a new session every time when cookies are disabled
--------------------------------------------------------------------------------
Key: TAPESTRY-2765
URL: https://issues.apache.org/jira/browse/TAPESTRY-2765
Project: Tapestry
Issue Type: Bug
Components: XHR/dhtml/Ajax
Affects Versions: 5.1
Environment: windows, tomcat 6
Reporter: Paul Stanton
If cookies are disabled on a server, tapestry fails to continue an existing session when a form is submitted via ajax. a new session is created every time the form is submitted.
The following example works fine (session id does not change) when cookies are enabled for the webapp container, but does not work (new session id every submit) when cookies are disabled.
public class Start
{
private final static Logger LOG = Logger.getLogger(Start.class);
@Inject
private ComponentResources resources;
@Inject
@Property
private HttpServletRequest httpRequest;
Object onSuccessFromMyForm()
{
LOG.debug(httpRequest.getSession().getId());
return new MultiZoneUpdate("myZone", resources.getEmbeddedComponent("myZone"));
}
}
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd" xmlns:p="tapestry:parameter">
<head>
</head>
<body>
<t:form t:id="myForm" t:zone="myZone">
<input type="submit" />
</t:form>
<t:zone t:id="myZone">
${httpRequest.session.id}
</t:zone>
</body>
</html>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (TAP5-1176) async form submission creates a new
session every time when cookies are disabled
Posted by "Christophe Cordenier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TAP5-1176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12889832#action_12889832 ]
Christophe Cordenier commented on TAP5-1176:
--------------------------------------------
Hi
Actually all the URL created by Tapestry are passed into the 'encodeURL' method of HttpResponse before being rendered. So that cookie disabling should not affect the execution of pages.
Have you a small project that demonstrates this ?
Anyway, for security concerns, using secured cookies is still the best way to preserve user session id.
> async form submission creates a new session every time when cookies are disabled
> --------------------------------------------------------------------------------
>
> Key: TAP5-1176
> URL: https://issues.apache.org/jira/browse/TAP5-1176
> Project: Tapestry 5
> Issue Type: Bug
> Affects Versions: 5.1
> Environment: windows, tomcat 6
> Reporter: Paul Stanton
>
> If cookies are disabled on a server, tapestry fails to continue an existing session when a form is submitted via ajax. a new session is created every time the form is submitted.
> The following example works fine (session id does not change) when cookies are enabled for the webapp container, but does not work (new session id every submit) when cookies are disabled.
> public class Start
> {
> private final static Logger LOG = Logger.getLogger(Start.class);
> @Inject
> private ComponentResources resources;
> @Inject
> @Property
> private HttpServletRequest httpRequest;
> Object onSuccessFromMyForm()
> {
> LOG.debug(httpRequest.getSession().getId());
> return new MultiZoneUpdate("myZone", resources.getEmbeddedComponent("myZone"));
> }
> }
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd" xmlns:p="tapestry:parameter">
> <head>
> </head>
> <body>
> <t:form t:id="myForm" t:zone="myZone">
> <input type="submit" />
> </t:form>
> <t:zone t:id="myZone">
> ${httpRequest.session.id}
> </t:zone>
> </body>
> </html>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (TAP5-1176) async form submission creates a new
session every time when cookies are disabled
Posted by "Christophe Cordenier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TAP5-1176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christophe Cordenier reassigned TAP5-1176:
------------------------------------------
Assignee: Christophe Cordenier
> async form submission creates a new session every time when cookies are disabled
> --------------------------------------------------------------------------------
>
> Key: TAP5-1176
> URL: https://issues.apache.org/jira/browse/TAP5-1176
> Project: Tapestry 5
> Issue Type: Bug
> Affects Versions: 5.1
> Environment: windows, tomcat 6
> Reporter: Paul Stanton
> Assignee: Christophe Cordenier
>
> If cookies are disabled on a server, tapestry fails to continue an existing session when a form is submitted via ajax. a new session is created every time the form is submitted.
> The following example works fine (session id does not change) when cookies are enabled for the webapp container, but does not work (new session id every submit) when cookies are disabled.
> public class Start
> {
> private final static Logger LOG = Logger.getLogger(Start.class);
> @Inject
> private ComponentResources resources;
> @Inject
> @Property
> private HttpServletRequest httpRequest;
> Object onSuccessFromMyForm()
> {
> LOG.debug(httpRequest.getSession().getId());
> return new MultiZoneUpdate("myZone", resources.getEmbeddedComponent("myZone"));
> }
> }
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd" xmlns:p="tapestry:parameter">
> <head>
> </head>
> <body>
> <t:form t:id="myForm" t:zone="myZone">
> <input type="submit" />
> </t:form>
> <t:zone t:id="myZone">
> ${httpRequest.session.id}
> </t:zone>
> </body>
> </html>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (TAP5-1176) async form submission creates a new
session every time when cookies are disabled
Posted by "Christophe Cordenier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TAP5-1176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christophe Cordenier reassigned TAP5-1176:
------------------------------------------
Assignee: Christophe Cordenier
> async form submission creates a new session every time when cookies are disabled
> --------------------------------------------------------------------------------
>
> Key: TAP5-1176
> URL: https://issues.apache.org/jira/browse/TAP5-1176
> Project: Tapestry 5
> Issue Type: Bug
> Affects Versions: 5.1
> Environment: windows, tomcat 6
> Reporter: Paul Stanton
> Assignee: Christophe Cordenier
>
> If cookies are disabled on a server, tapestry fails to continue an existing session when a form is submitted via ajax. a new session is created every time the form is submitted.
> The following example works fine (session id does not change) when cookies are enabled for the webapp container, but does not work (new session id every submit) when cookies are disabled.
> public class Start
> {
> private final static Logger LOG = Logger.getLogger(Start.class);
> @Inject
> private ComponentResources resources;
> @Inject
> @Property
> private HttpServletRequest httpRequest;
> Object onSuccessFromMyForm()
> {
> LOG.debug(httpRequest.getSession().getId());
> return new MultiZoneUpdate("myZone", resources.getEmbeddedComponent("myZone"));
> }
> }
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd" xmlns:p="tapestry:parameter">
> <head>
> </head>
> <body>
> <t:form t:id="myForm" t:zone="myZone">
> <input type="submit" />
> </t:form>
> <t:zone t:id="myZone">
> ${httpRequest.session.id}
> </t:zone>
> </body>
> </html>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Moved: (TAP5-1176) async form submission creates a new
session every time when cookies are disabled
Posted by "Ulrich Stärk (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TAP5-1176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ulrich Stärk moved TAPESTRY-2765 to TAP5-1176:
----------------------------------------------
Project: Tapestry 5 (was: Tapestry)
Key: TAP5-1176 (was: TAPESTRY-2765)
Affects Version/s: 5.1
(was: 5.1)
Component/s: (was: XHR/dhtml/Ajax)
> async form submission creates a new session every time when cookies are disabled
> --------------------------------------------------------------------------------
>
> Key: TAP5-1176
> URL: https://issues.apache.org/jira/browse/TAP5-1176
> Project: Tapestry 5
> Issue Type: Bug
> Affects Versions: 5.1
> Environment: windows, tomcat 6
> Reporter: Paul Stanton
>
> If cookies are disabled on a server, tapestry fails to continue an existing session when a form is submitted via ajax. a new session is created every time the form is submitted.
> The following example works fine (session id does not change) when cookies are enabled for the webapp container, but does not work (new session id every submit) when cookies are disabled.
> public class Start
> {
> private final static Logger LOG = Logger.getLogger(Start.class);
> @Inject
> private ComponentResources resources;
> @Inject
> @Property
> private HttpServletRequest httpRequest;
> Object onSuccessFromMyForm()
> {
> LOG.debug(httpRequest.getSession().getId());
> return new MultiZoneUpdate("myZone", resources.getEmbeddedComponent("myZone"));
> }
> }
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd" xmlns:p="tapestry:parameter">
> <head>
> </head>
> <body>
> <t:form t:id="myForm" t:zone="myZone">
> <input type="submit" />
> </t:form>
> <t:zone t:id="myZone">
> ${httpRequest.session.id}
> </t:zone>
> </body>
> </html>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (TAP5-1176) async form submission creates a new
session every time when cookies are disabled
Posted by "Christophe Cordenier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TAP5-1176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christophe Cordenier closed TAP5-1176.
--------------------------------------
Fix Version/s: 5.2
Resolution: Fixed
This has been fixed in T5.2, now linkToZone Urls are generated at the end of the HeartBeat, so if the session exists jsession is appended to the URL.
As a workaround you should call the session first in your page to ensure that the session is created before your form component renders.
> async form submission creates a new session every time when cookies are disabled
> --------------------------------------------------------------------------------
>
> Key: TAP5-1176
> URL: https://issues.apache.org/jira/browse/TAP5-1176
> Project: Tapestry 5
> Issue Type: Bug
> Affects Versions: 5.1
> Environment: windows, tomcat 6
> Reporter: Paul Stanton
> Assignee: Christophe Cordenier
> Fix For: 5.2
>
>
> If cookies are disabled on a server, tapestry fails to continue an existing session when a form is submitted via ajax. a new session is created every time the form is submitted.
> The following example works fine (session id does not change) when cookies are enabled for the webapp container, but does not work (new session id every submit) when cookies are disabled.
> public class Start
> {
> private final static Logger LOG = Logger.getLogger(Start.class);
> @Inject
> private ComponentResources resources;
> @Inject
> @Property
> private HttpServletRequest httpRequest;
> Object onSuccessFromMyForm()
> {
> LOG.debug(httpRequest.getSession().getId());
> return new MultiZoneUpdate("myZone", resources.getEmbeddedComponent("myZone"));
> }
> }
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd" xmlns:p="tapestry:parameter">
> <head>
> </head>
> <body>
> <t:form t:id="myForm" t:zone="myZone">
> <input type="submit" />
> </t:form>
> <t:zone t:id="myZone">
> ${httpRequest.session.id}
> </t:zone>
> </body>
> </html>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Moved: (TAP5-1176) async form submission creates a new
session every time when cookies are disabled
Posted by "Ulrich Stärk (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TAP5-1176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ulrich Stärk moved TAPESTRY-2765 to TAP5-1176:
----------------------------------------------
Project: Tapestry 5 (was: Tapestry)
Key: TAP5-1176 (was: TAPESTRY-2765)
Affects Version/s: 5.1
(was: 5.1)
Component/s: (was: XHR/dhtml/Ajax)
> async form submission creates a new session every time when cookies are disabled
> --------------------------------------------------------------------------------
>
> Key: TAP5-1176
> URL: https://issues.apache.org/jira/browse/TAP5-1176
> Project: Tapestry 5
> Issue Type: Bug
> Affects Versions: 5.1
> Environment: windows, tomcat 6
> Reporter: Paul Stanton
>
> If cookies are disabled on a server, tapestry fails to continue an existing session when a form is submitted via ajax. a new session is created every time the form is submitted.
> The following example works fine (session id does not change) when cookies are enabled for the webapp container, but does not work (new session id every submit) when cookies are disabled.
> public class Start
> {
> private final static Logger LOG = Logger.getLogger(Start.class);
> @Inject
> private ComponentResources resources;
> @Inject
> @Property
> private HttpServletRequest httpRequest;
> Object onSuccessFromMyForm()
> {
> LOG.debug(httpRequest.getSession().getId());
> return new MultiZoneUpdate("myZone", resources.getEmbeddedComponent("myZone"));
> }
> }
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd" xmlns:p="tapestry:parameter">
> <head>
> </head>
> <body>
> <t:form t:id="myForm" t:zone="myZone">
> <input type="submit" />
> </t:form>
> <t:zone t:id="myZone">
> ${httpRequest.session.id}
> </t:zone>
> </body>
> </html>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (TAP5-1176) async form submission creates a new
session every time when cookies are disabled
Posted by "Christophe Cordenier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TAP5-1176?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12889832#action_12889832 ]
Christophe Cordenier commented on TAP5-1176:
--------------------------------------------
Hi
Actually all the URL created by Tapestry are passed into the 'encodeURL' method of HttpResponse before being rendered. So that cookie disabling should not affect the execution of pages.
Have you a small project that demonstrates this ?
Anyway, for security concerns, using secured cookies is still the best way to preserve user session id.
> async form submission creates a new session every time when cookies are disabled
> --------------------------------------------------------------------------------
>
> Key: TAP5-1176
> URL: https://issues.apache.org/jira/browse/TAP5-1176
> Project: Tapestry 5
> Issue Type: Bug
> Affects Versions: 5.1
> Environment: windows, tomcat 6
> Reporter: Paul Stanton
>
> If cookies are disabled on a server, tapestry fails to continue an existing session when a form is submitted via ajax. a new session is created every time the form is submitted.
> The following example works fine (session id does not change) when cookies are enabled for the webapp container, but does not work (new session id every submit) when cookies are disabled.
> public class Start
> {
> private final static Logger LOG = Logger.getLogger(Start.class);
> @Inject
> private ComponentResources resources;
> @Inject
> @Property
> private HttpServletRequest httpRequest;
> Object onSuccessFromMyForm()
> {
> LOG.debug(httpRequest.getSession().getId());
> return new MultiZoneUpdate("myZone", resources.getEmbeddedComponent("myZone"));
> }
> }
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd" xmlns:p="tapestry:parameter">
> <head>
> </head>
> <body>
> <t:form t:id="myForm" t:zone="myZone">
> <input type="submit" />
> </t:form>
> <t:zone t:id="myZone">
> ${httpRequest.session.id}
> </t:zone>
> </body>
> </html>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (TAP5-1176) async form submission creates a new
session every time when cookies are disabled
Posted by "Christophe Cordenier (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TAP5-1176?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Christophe Cordenier closed TAP5-1176.
--------------------------------------
Fix Version/s: 5.2
Resolution: Fixed
This has been fixed in T5.2, now linkToZone Urls are generated at the end of the HeartBeat, so if the session exists jsession is appended to the URL.
As a workaround you should call the session first in your page to ensure that the session is created before your form component renders.
> async form submission creates a new session every time when cookies are disabled
> --------------------------------------------------------------------------------
>
> Key: TAP5-1176
> URL: https://issues.apache.org/jira/browse/TAP5-1176
> Project: Tapestry 5
> Issue Type: Bug
> Affects Versions: 5.1
> Environment: windows, tomcat 6
> Reporter: Paul Stanton
> Assignee: Christophe Cordenier
> Fix For: 5.2
>
>
> If cookies are disabled on a server, tapestry fails to continue an existing session when a form is submitted via ajax. a new session is created every time the form is submitted.
> The following example works fine (session id does not change) when cookies are enabled for the webapp container, but does not work (new session id every submit) when cookies are disabled.
> public class Start
> {
> private final static Logger LOG = Logger.getLogger(Start.class);
> @Inject
> private ComponentResources resources;
> @Inject
> @Property
> private HttpServletRequest httpRequest;
> Object onSuccessFromMyForm()
> {
> LOG.debug(httpRequest.getSession().getId());
> return new MultiZoneUpdate("myZone", resources.getEmbeddedComponent("myZone"));
> }
> }
> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> <html xmlns:t="http://tapestry.apache.org/schema/tapestry_5_1_0.xsd" xmlns:p="tapestry:parameter">
> <head>
> </head>
> <body>
> <t:form t:id="myForm" t:zone="myZone">
> <input type="submit" />
> </t:form>
> <t:zone t:id="myZone">
> ${httpRequest.session.id}
> </t:zone>
> </body>
> </html>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.