You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@myfaces.apache.org by MPF <ma...@procon.co.at> on 2007/08/08 14:41:23 UTC

Session Handling and Navigation Questions

Hi!

Session Handling (especial Firefox):
What i have to do at a logout? invalidate session? clear all session beans
(scope=session)? On login i have to check if a user is already logged in at
this browser instance?

Navigation:
How is it possible that e.g. only jsp A can forward/redirect to jsp B? so
that jsp B can never called as e.g.
http://www.abc:8023/MyApplication/jsp/jspB.jsp but only from jsp A.

best regards

-- 
View this message in context: http://www.nabble.com/Session-Handling-and-Navigation-Questions-tf4236035.html#a12052276
Sent from the MyFaces - Users mailing list archive at Nabble.com.

Re: Session Handling and Navigation Questions

Posted by MPF <ma...@procon.co.at>.



Andrew Robinson-5 wrote:
> 
>> Session Handling (especial Firefox):
>> What i have to do at a logout? invalidate session? clear all session
>> beans
>> (scope=session)? On login i have to check if a user is already logged in
>> at
>> this browser instance?
> 
> Invalidate the HttpSession to delete the user's session and thereby
> lose all data about the user. If you are using form based
> authentication, this will also log them out.
> 
> -->
> Can you tell me whats the right way to invalidate the session?
>         FacesContext faces = FacesContext.getCurrentInstance();
>         HttpServletRequest req = (HttpServletRequest)
> faces.getExternalContext().getRequest();
>         /* delete jsf session */
>         req.getSession().invalidate();
> correct?
> or clear session map?
>         HttpSession session = (HttpSession)
> faces.getExternalContext().getSessionMap().clear();
> 
>> Navigation:
>> How is it possible that e.g. only jsp A can forward/redirect to jsp B? so
>> that jsp B can never called as e.g.
>> http://www.abc:8023/MyApplication/jsp/jspB.jsp but only from jsp A.
> 
> Use a backing bean with an action and have on-load code redirect the
> user back to page A if a flag in the backing bean is not set
> 
> public class A {
>   public boolean okayToGoToB = false;
>   public String goToB() {
>     okayToGoToB = true;
>     return "go-to-b"; // use navigation rule on action outcome "go-to-b"
>   }
> }
> 
> Using jsf-comp onload, jboss-seam pages page action or shale, setup an
> action to run when the user loads page b that checks to see if
> "A.okayToGoToB" is true.
> -->
> yes but my question was how can i avoid that the user call e.g. main.jsp
> direct at browser (http:localhost:8080/myApplication/jsp/main.jsp)?
> the right way to call main.jsp should be:
> login.jsp-->forward-->main.jsp
> 
> so it only following url can be called by user direct:
> http:localhost:8080/myApplication/jsp/login.jsp.
> 
> 
>>
>> best regards
>>
>> --
>> View this message in context:
>> http://www.nabble.com/Session-Handling-and-Navigation-Questions-tf4236035.html#a12052276
>> Sent from the MyFaces - Users mailing list archive at Nabble.com.
>>
>>
> 
> 

-- 
View this message in context: http://www.nabble.com/Session-Handling-and-Navigation-Questions-tf4236035.html#a12067000
Sent from the MyFaces - Users mailing list archive at Nabble.com.

Re: Session Handling and Navigation Questions

Posted by Andrew Robinson <an...@gmail.com>.

> Session Handling (especial Firefox):
> What i have to do at a logout? invalidate session? clear all session beans
> (scope=session)? On login i have to check if a user is already logged in at
> this browser instance?

Invalidate the HttpSession to delete the user's session and thereby
lose all data about the user. If you are using form based
authentication, this will also log them out.

> Navigation:
> How is it possible that e.g. only jsp A can forward/redirect to jsp B? so
> that jsp B can never called as e.g.
> http://www.abc:8023/MyApplication/jsp/jspB.jsp but only from jsp A.

Use a backing bean with an action and have on-load code redirect the
user back to page A if a flag in the backing bean is not set

public class A {
  public boolean okayToGoToB = false;
  public String goToB() {
    okayToGoToB = true;
    return "go-to-b"; // use navigation rule on action outcome "go-to-b"
  }
}

Using jsf-comp onload, jboss-seam pages page action or shale, setup an
action to run when the user loads page b that checks to see if
"A.okayToGoToB" is true.

-Andrew



>
> best regards
>
> --
> View this message in context: http://www.nabble.com/Session-Handling-and-Navigation-Questions-tf4236035.html#a12052276
> Sent from the MyFaces - Users mailing list archive at Nabble.com.
>
>