| Question about session handling in RAP [message #76023] |
Fri, 29 February 2008 07:29  |
Eclipse User |
|
|
|
Originally posted by: diman.karagiozov.gmail.com
Hello All,
I am rather new in using the RAP framework and recently came across a
strange behavior related to the session handling.
I have an existing web application which I want to "enrich" with a small
RAP application. The existing web application is implemented with
servlets, hosted in Jetty 6.x server. I managed to deploy the RAP
application in the same context as the web application.
The usual workflow in my web application is:
1) user sends username and password. Upon valid verification, some user
details are stored in the session;
2) at some point the user opens a new window that contains the rap
application;
3) the RAP application tries to read some attributes from the session
(initially populated after login);
After step 2, two things happen -
- the RAP application cannot access the session attributes - they
disappear from the underlying HTTP session;
- each subsequent request in the "hosting" web application leads the user
to the login page because the session is empty (the keys set after the
login are lost).
After debugging the RAP side of the application I found a private method
in LifeCycleServiceHandler class, called clearSession. If I understand it
correctly, the method clears the session - it loops through all keys and
removes them. There is a special handling for the
"SessionStoreImpl.ID_SESSION_STORE" attribute, used for storing RAP
session container.
I can understand why the RAP session container is removed, but why the
other session attributes are removed too? RAP framework cannot do anything
with them anyway...
As this clearSession method is very deep in the framework I do not see a
good way of avoiding its call in the life cycle.
Can you suggest me a scenario where:
1) I can read the existing session attributes in the RAP application;
2) the subsequent requests in the hosting application still can access the
existing session attributes?
Thanks in advance
Diman Karagiozov
greetings
Diman
|
|
|
| RE: Question about session handling in RAP [message #76135 is a reply to message #76023] |
Fri, 29 February 2008 12:44  |
| Eclipse User |
|
|
|
Originally posted by: fappel.innoopract.com
Hi,
cleaning the session attributes is done for compatibility of the
w4toolkit library that runs on the same infrastructure but without using
the sessionstore. Besides that there could also be 'RAP'-application
data stored in the http session, in case the application developer
didn't use the sessionstore for some reason.
But I clearly see your problem and understand that this is an ugly
limitation. The only workaround I currently can think of is to store
your application data in a map-wrapper which is stored inside the
http-session. The wrapper could implement HttpSessionBindingListener to
get notified when the RAP startup process removes it from the session.
In that case it could store itself temporarily in a global 'session to
wrapper' map. In IEntryPoint#createUI() there could be a code fragment
that removes the wrapper from the map and put it back into the session.
I know that this is bad and it still needs some refinements (e.g.
session timeout handling) but it's the best I can think of till we have
improved the situation in the LifeCycleServiceHandler class.
Ciao
Frank
-----Ursprüngliche Nachricht-----
Von: Diman Karagiozov [mailto:diman.karagiozov@gmail.com]
Bereitgestellt: Freitag, 29. Februar 2008 13:30
Bereitgestellt in: eclipse.technology.rap
Unterhaltung: Question about session handling in RAP
Betreff: Question about session handling in RAP
Hello All,
I am rather new in using the RAP framework and recently came across a
strange behavior related to the session handling.
I have an existing web application which I want to "enrich" with a small
RAP application. The existing web application is implemented with
servlets, hosted in Jetty 6.x server. I managed to deploy the RAP
application in the same context as the web application.
The usual workflow in my web application is:
1) user sends username and password. Upon valid verification, some user
details are stored in the session;
2) at some point the user opens a new window that contains the rap
application;
3) the RAP application tries to read some attributes from the session
(initially populated after login);
After step 2, two things happen -
- the RAP application cannot access the session attributes - they
disappear from the underlying HTTP session;
- each subsequent request in the "hosting" web application leads the
user to the login page because the session is empty (the keys set after
the login are lost).
After debugging the RAP side of the application I found a private method
in LifeCycleServiceHandler class, called clearSession. If I understand
it correctly, the method clears the session - it loops through all keys
and removes them. There is a special handling for the
"SessionStoreImpl.ID_SESSION_STORE" attribute, used for storing RAP
session container.
I can understand why the RAP session container is removed, but why the
other session attributes are removed too? RAP framework cannot do
anything with them anyway...
As this clearSession method is very deep in the framework I do not see a
good way of avoiding its call in the life cycle.
Can you suggest me a scenario where:
1) I can read the existing session attributes in the RAP application;
2) the subsequent requests in the hosting application still can access
the existing session attributes?
Thanks in advance
Diman Karagiozov
greetings
Diman
|
|
|
|
| Re: Question about session handling in RAP [message #76495 is a reply to message #76023] |
Tue, 04 March 2008 04:50 |
| Eclipse User |
|
|
|
Originally posted by: diman.karagiozov.gmail.com
Thanks a lot for both suggestions - I think both will work for me :) and
looks better from what I've implemented (see below)...
---
Meanwhile I decided to split my web application from the RAP application -
now I have two web contexts and the sessions are not shared between the
application, thus they are not cleared.
Once the user logins in the web application, it session is created and
filled with whatever data is needed. When I request the rap application I
pass the session ID as URL parameter (this may raise some security issues
but the whole set of applications is not exposed to public).
When the RAP application needs some data from the web application, it
makes HTTP request using the session ID as cookie (or by rewriting the
URL). In this way, the session in the web application is reused.
I know that this is not the optimal solution but similar approach can be
used when one wants to integrate a RAP application in another non-java
based web application - e.g. PHP, .net or ColdFusion - only the right
session cookies has to be passed...
|
|
|
Powered by
FUDForum. Page generated in 0.06315 seconds
Home