10 Replies Latest reply on Jan 1, 2009 1:31 PM by kukeltje.ronald.jbpm.org

    How to redirect the user to the last page he left when the session expires?

    janylj

      The business scenario here is: When a user attempts to access a page and the session has timed out, he is redirected to the login page with a message explaining that he needs to log in again. After the user completes the log in, he should be redirected to the last page where he tried to interact.


      We didn't find any built-in Seam configuration that could help with this requirement. So we implement it programmatically. We save the last view id to the Cookie when session times out, and then recover the last view id when the user re-logs in.


      We are wondering whether there is any Seam component we could take advantage of. With the coming org.jboss.seam.sessionExpired event, can we do something like:


      <event type="org.jboss.seam.sessionExpired">
          <action execute="#{redirect.captureCurrentView}"/>
      </event>
      <event type="org.jboss.seam.postAuthenticate">
          <action execute="#{redirect.returnToCapturedView}"/>
      </event>



      I tried this setting now, with the sessionExpired event developed as in Jacob's blog; the error is:


      2008-03-18 16:33:51,313 ERROR *http-8080-2* SeamPhaseListener.beforePhase:120 [] uncaught exception
      javax.el.PropertyNotFoundException: Target Unreachable, identifier 'redirect' resolved to null



      We also have a question about how the conversation plays in this redirection. For example, the session expires when the user is at some results page; when he re-logs in, how to keep all the result data on that page and other states? Basically, how to save and replay a conversation?
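
The cookie approach described in the post above keeps the last view id on the client, so the value has to be treated as untrusted when it is read back after login. As an added example (not code from the thread or from Seam), this plain-Java helper signs the view id and accepts only local view paths; the class name `ReturnViewCookie`, the fallback view `/home.xhtml`, the secret and the sample view ids are assumptions, and Java 8 or later is assumed for `java.util.Base64`.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Hypothetical helper (not a Seam component): protects the "last view id" cookie value.
public class ReturnViewCookie {
    private static final String FALLBACK_VIEW = "/home.xhtml"; // assumed default landing view
    private final SecretKeySpec key;

    public ReturnViewCookie(byte[] serverSecret) { this.key = new SecretKeySpec(serverSecret, "HmacSHA256"); }

    // Value to store in the cookie when the session times out: viewId + "|" + HMAC(viewId).
    public String encode(String viewId) throws Exception {
        return viewId + "|" + sign(viewId);
    }

    // View to redirect to after login; falls back when the cookie is missing, altered or not a local view.
    public String decode(String cookieValue) throws Exception {
        int sep = cookieValue == null ? -1 : cookieValue.lastIndexOf('|');
        if (sep < 1) return FALLBACK_VIEW;
        String viewId = cookieValue.substring(0, sep);
        byte[] given = cookieValue.substring(sep + 1).getBytes(StandardCharsets.US_ASCII);
        byte[] expected = sign(viewId).getBytes(StandardCharsets.US_ASCII);
        // Constant-time comparison, so the check does not leak how many MAC characters matched.
        if (!MessageDigest.isEqual(expected, given)) return FALLBACK_VIEW;
        return isLocalView(viewId) ? viewId : FALLBACK_VIEW;
    }

    // Only application-relative paths: no scheme, no "//host", no path traversal.
    private static boolean isLocalView(String v) {
        return v.startsWith("/") && !v.startsWith("//") && !v.contains("..") && v.matches("[A-Za-z0-9_./-]+");
    }

    private String sign(String viewId) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        byte[] tag = mac.doFinal(viewId.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    public static void main(String[] args) throws Exception {
        ReturnViewCookie c = new ReturnViewCookie("constructed-demo-secret".getBytes(StandardCharsets.UTF_8));
        String cookie = c.encode("/search/results.xhtml");      // constructed sample view id
        String mac = cookie.substring(cookie.lastIndexOf('|') + 1);
        System.out.println(c.decode(cookie));                   // untouched cookie
        System.out.println(c.decode("//other.example/x|" + mac)); // view id swapped, MAC reused
        System.out.println(c.decode(null));                     // no cookie present
    }
}
```
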


        • 1. Re: How to redirect the user to the last page he left when the session expires?
          pmuir

          File a feature request in JIRA.

          • 2. Re: How to redirect the user to the last page he left when the session expires?
            mrauls.mrauls.akimeka.com

            In case anyone else has this issue, there is a good solution here:


            http://www.seamframework.org/Documentation/RedirectingBackToCurrentPageWhenSessionTimesOut

            • 3. Re: How to redirect the user to the last page he left when the session expires?
              joblini

              The solution proposed in that article is incredibly complicated, as is Bauer's approach, referenced in the same article.


              Currently, after a session has expired, the server simply forgets everything associated with that session.  The reason for this is to prevent resource leakage on the server.  For example, Joe Blow goes on vacation without logging out.


              On the other hand, it is not acceptable for a user who has taken a coffee break to have his context, including any changes, lost.


              It would be nice to have Seam persist conversation and session state to disc, and then restore these states if required.


              This would solve the problem of resource leakage, while also allowing sessions to be resumed.


              What do you think?

              • 4. Re: How to redirect the user to the last page he left when the session expires?
                kukeltje.ronald.jbpm.org

                Ingo Jobling wrote on Dec 31, 2008 01:45:

                On the other hand, it is not acceptable for a user who has taken a coffee break to have his context, including any changes, lost.


                uhhmm.... then make it longer?



                Ingo Jobling wrote on Dec 31, 2008 01:45:


                It would be nice to have Seam persist conversation and session state to disc, and then restore these states if required.



                Isn't this to a large extent the process scope? (I know I oversimplify, but for the sake of discussion I do it anyway)


                Or do I miss something?

                • 5. Re: How to redirect the user to the last page he left when the session expires?
                  joblini

                  Hi,


                  I'm just saying that, currently, Seam does nothing to deal with Session timeouts, and I think that there are better ways to handle this than simply discarding all state.


                  The posted solutions to preserve form submission contents after a session timeout are ridiculously complicated.


                  As you suggest, a workaround is to increase session timeout.  Of course, this reduces the number of concurrent sessions that can be supported. 

                  • 6. Re: How to redirect the user to the last page he left when the session expires?
                    joblini

                    For example, display a logon page for longer than the session timeout.  This leads to the absurd situation where the user enters his username and password, clicks submit, and the response is Session expired, please log in.


                    Can we do better than this?

                    • 7. Re: How to redirect the user to the last page he left when the session expires?
                      kukeltje.ronald.jbpm.org
                      Ingo Jobling wrote on Dec 31, 2008 04:57:


                      As you suggest, a workaround is to increase session timeout. Of course, this reduces the number of concurrent sessions that can be supported.



                      That is why we make sure the real data in the session is allowed to be volatile and if someone is e.g. filling out a complex form (I use xforms for that) data for that form is persisted with the task (jbpm) that is carried out when the session expires. The data belongs to the task, is not completed yet, so just saved.... There is no need then to store session information persistently or have the need for knowing where to retrieve it again... yuck.... If the user comes back, there is still this task for him with all data he entered up to then... feels like a clean solution and it works




                      Ingo Jobling wrote on Dec 31, 2008 05:15:


                      For example, display a logon page for longer than the session timeout.  This leads to the absurd situation where the user enters his username and password, clicks submit, and the response is Session expired, please log in.

                      Can we do better than this?



                      This could/should indeed be improved.... kind of ugly I agree


                      • 8. Re: How to redirect the user to the last page he left when the session expires?
                        joblini

                        Ronald van Kuijk wrote on Dec 31, 2008 12:37:


                        Ingo Jobling wrote on Dec 31, 2008 04:57:


                        As you suggest, a workaround is to increase session timeout. Of course, this reduces the number of concurrent sessions that can be supported.



                        That is why we make sure the real data in the session is allowed to be volatile and if someone is e.g. filling out a complex form (I use xforms for that) data for that form is persisted with the task (jbpm) that is carried out when the session expires. The data belongs to the task, is not completed yet, so just saved.... There is no need then to store session information persistently or have the need for knowing where to retrieve it again... yuck.... If the user comes back, there is still this task for him with all data he entered up to then... feels like a clean solution and it works



                        I wish that Seam would do this out of the box.  Thanks for sharing your approach, I know I will have to deal with this sooner or later!

                        • 9. Re: How to redirect the user to the last page he left when the session expires?
                          joblini

                          Feature request opened in JIRA:
                          Recover gracefully from Session timeout

                          • 10. Re: How to redirect the user to the last page he left when the session expires?
                            kukeltje.ronald.jbpm.org

                            Ingo Jobling wrote on Jan 01, 2009 01:00:


                            I wish that Seam would do this out of the box.  Thanks for sharing your approach, I know I will have to deal with this sooner or later!



                            I personally think this is a design thing and not something seam can do out of the box on its own, since it has no knowledge of what you want to achieve. But it is really simple to achieve: use the @Destroy annotation.


                            Our complex forms are xforms based and jsf is used for the rest of the ui. The really nice thing about xforms is that it results in an xml object of your form, not a detailed database model. Much easier to create, persist etc... So we only have this object to persist and extract some data from it to be stored in the domainmodel. Since the form is filled out while using ajax underneath (dojo/dwr) it is always in sync. This xforms object is in a conversation-scoped component and when the conversation is destroyed, we just set a jbpm task variable with the serialized value of this object. Really simple. When the task is opened again, this value is read and used to pre-fill the form....


                            You see, there is not much to it.... just some out of the box thinking, or was it inside the box?


                            The other issue about the logging in remains though..