Is it possible to access session attributes inside the Vaadin SessionDestroyListener? Or is it called after the session has been destroyed?
What is the callback order relative to HttpSessionListener: before or after?
While the session object is available by calling sessionDestroyEvent.getSession(), its state is CLOSING and all attributes have already been removed from it (rather simple to test this...).
EDIT
#Morfic is completely right, so he gets the credit: when in a SessionDestroyListener's sessionDestroy() method, the session's attributes are, indeed, still available (I was not careful in my tests; re-did them, using the latest Vaadin release, 8.0.4).
I upgraded my application from CI2 to CI3 (CI v3.1.9 and PHP7). Now I have a performance issue with the new concurrency system in the session (see doc).
Some of the actions in the application are very long (because of calling external APIs that can take several minutes to respond, for example) and I don't want those actions to lock the session. As recommended, I would use the session_write_close() function in the controller before doing the very long action.
The problem is that I want to display a message to user after redirecting at the end of this action. Right now, I am using session->set_flashdata() before the redirection, but because I closed the session earlier, it is not working.
Does anyone have recommendations on how to achieve that?
If I am starting the session again with session_start() it is working, but I have no idea if this is best practice to use PHP session like that with Codeigniter.
There is no problem with starting the session again using session_start(). The CodeIgniter "Session" class is still loaded and the instance is still valid. So all the "special" stuff that CI does to make sessions work is good to go.
I tested and then used this scheme in a project some time back and didn't experience any problems. Haven't had any blow-back from the client of a still operating site either. YMMV.
BTW, in the __construct() function of the CI_Session class a call to session_start() is made in order to start up PHP's session extension. So making that call is clearly not a "bad" practice. :)
I have upgraded our application to SWF 2 and have implemented the FMPC pattern. The majority of our existing flow definitions don't have an end-state. Now, using FMPC as described here, you can trigger a commit by putting commit=true on your end-state. Example of our flow:
1. get form object
2. save details to db (we want to commit here)
3. fetch the same object with refreshed data
4. display to view
It's currently working with the previous SWF and just using the Open Session in View pattern, but we implemented FMPC to avoid any LazyInitializationException. Now what's happening is that steps 1-4 are happening except that changes are not committed, so in the view, we don't see any changes. It seems difficult to add an end-state in the middle just to commit to the DB, and this also means we need to add so many end-states, so my question is how to tell (SWF/FMPC) to commit "programmatically" without having to add the end-state tag. If you know a better approach, please tell me as well. Thanks!
Spring Web Flows can have inheritance, so you can implement the end-state in your parent flow and then have it as a parent for all your flows.
I resolved my issue. I finally found out that indeed Hibernate is auto-committing all my read-write operations. The problem is when refreshing the object concerned, which gave me the impression that there is no read-write done while in fact there is. Doing sessionFactory.refresh(object) instead of plain find() effectively fetched the updated data from the DB. I guess it's because the Hibernate session is still alive (due to FMPC); that's why doing "find" will retrieve from the Hibernate cache while "refresh" means re-reading the data directly from the underlying database. Please correct my analysis as necessary.
I just upgraded my app from CakePHP 1.3 to 2.3. The upgrade console is far from perfect, but after a day of debugging, I've solved most of the issues. There's just one left, and it's a big one: Sessions.
In my app I am not using any of the fancy $this->Session or CakeSession::read login, I've always relied on PHP Superglobal $_SESSION. In 1.3, that worked fine.
Enter CakePHP 2.3: Sessions seem to work only at some places in my functions, and for unknown reasons, they are sometimes empty. One example: in line 1 of a function in a controller, $_SESSION['key'] gives me an empty array, in line 10 it will give me a nicely populated array, and in my view it's empty again. Extremely frustrating. I've been able to solve this by calling session_start() when it doesn't work, but I don't want to go down that road.
The documentation states:
Usage of the $_SESSION is generally avoided in CakePHP, and instead usage of the Session classes is preferred.
I'm a bit surprised: Cake runs on PHP, so I would expect PHP superglobals to work.
I'm considering switching to CakeSession::read and CakeSession::write, but that's a laborious task: I'm using Sessions throughout my app.
Before switching, I'd like to know:
Is there a way to make the normal PHP $_SESSION superglobal work in Cakephp 2.3.7?
If not: is CakeSession::read and CakeSession::write the right alternative?
Some extra info:
I am calling the Session component in my AppController
I am calling the Session helper in my AppController
In general, you could access $_SESSION itself, but then you would need to assert session start and other things manually, as well - which CakePHP can and should take care of itself.
So why bother when you got a nice wrapper access to it?
I don't really see why this needs to be a question here. There are usually bigger fish to fry.
Believe me when I say that everyone uses the clean and neat component/helper/CakeSession access.
Also a nice side effect: You cannot trigger any "undefined index" warnings with the wrapper methods. They would simply return null if this key has not been set yet.
I am calling the Session component in my AppController
I am calling the Session helper in my AppController
No, helpers are for the view layer.
In our JSF2 project on JBoss 7.1.1, we define a session timeout in the web.xml and it works just fine.
However, sometimes we're getting view expiration, leading to errors like this one even if the session is still alive:
javax.faces.application.ViewExpiredException: viewId:/... - View /... could not be restored.
Where can we set the view timeout, like we did for sessions? Or is the view expiration caused by something else?
Another cause of ViewExpiredException is that too many logical views are being created in the session. The default limit is JSF implementation specific and every synchronous GET request on a particular view basically creates a new view. So, for example, when you use Mojarra (which has a default limit of 15) and start a browser session and open the same view in 16 different tabs and then submit a form in the 1st one, then you may get this exception as well. The limit is configurable with a JSF implementation specific context parameter, which is com.sun.faces.numberOfLogicalViews for Mojarra and org.apache.myfaces.NUMBER_OF_VIEWS_IN_SESSION in MyFaces (defaults to 20).
This is however a very rare real world problem. If your webapp is really designed to be used this way (e.g. a social/community site which invites to being opened in multiple tabs, such as discussion forum or Q&A), then you might consider using client side state saving instead.
See also:
javax.faces.application.ViewExpiredException: View could not be restored
com.sun.faces.numberOfViewsInSession vs com.sun.faces.numberOfLogicalViews
I'm new with AppFabric Server caching but after playing around with it everything has been working like a dream.
I can add for example datatables to my cache and get that back to use just fine.
I got excited about this functionality and tried to test this with one 3rd party vendor's DLL that includes login session data (session id, dates etc.)
I created a WCF service with a method where you consume this DLL to log in, and I store that session in my cache.
This works just fine and I can verify this by looking at statistics of my cache with PowerShell.
Then I created another method that is supposed to pick up this cached session and use it to execute actions. This is where I'm running into a wall.
I can see that I have been able to get the session from the cache, but the information within the session object is null (session id, dates...)
I've been searching for help with this everywhere, but nobody seems to face this issue.
So my question is
Can AppFabric server cache ALL field values of given object (Public/Non-public not having any role)?
Is there any way to see actual existing content of cache where you would see keys and cached objects with values?
Thanks for all possible comments!
Regards
Mikko
In AppFabric you can only cache objects that are serialisable (or serializable for US readers :-) ). The fact that you have been able to store your session objects in the cache suggests that they are indeed serialisable. But to figure out what's going on here we'll need to probe a little deeper.
By default with binary serialisation, all fields/properties of an object are serialised, public and private (whereas XML serialisation only picks up the public values). We aren't told which flavour of serialisation AppFabric uses, but binary serialisation tends to be more efficient so it's a reasonable assumption that that's what gets used under the covers. However, it's possible to override the serialisation behaviour using the NonSerialized attribute, so that items marked NonSerialized don't make it into the serialised version of the object. The MSDN page for Selective Serialisation specifically advises that security-sensitive information should be marked as nonserializable.
A session ID definitely comes under the heading of security-sensitive information as it's key for session hijacking, so I should say that's the problem you're facing. You could confirm this by having a look inside the 3rd party DLL with ILDasm or Reflector to see if the fields inside the session class are indeed marked as not serialised.
Can you get round this? Well there is, of course, nothing to stop you creating your own Session class that you populate from the 3rd party's object where you keep all the properties serialisable and caching that instead. Bear in mind, however, that you're then essentially doing the very thing they've tried to stop you doing...
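The check suggested in the answer above can also be done with reflection instead of ILDasm. This is an added example, not code from the original post or from the vendor's DLL: `VendorSession` and its fields are a constructed stand-in, `DataContractSerializer` is used as a stand-in because the page does not say which serialiser AppFabric uses, and .NET Framework 4.x is assumed.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.Serialization;

// Constructed stand-in for the vendor's session type (hypothetical names).
[Serializable]
public class VendorSession
{
    public string User;
    [NonSerialized] private string sessionId;   // excluded from the serialised form
    [NonSerialized] private DateTime loginTime; // excluded as well

    public VendorSession(string user, string id)
    {
        User = user; sessionId = id; loginTime = DateTime.UtcNow;
    }
    public string SessionId { get { return sessionId; } }
}

public static class NonSerializedCheck
{
    // Instance fields (public and private) that a serialiser will skip.
    public static string[] SkippedFields(Type t)
    {
        return t.GetFields(BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic)
                .Where(f => f.IsNotSerialized)
                .Select(f => f.Name)
                .ToArray();
    }

    // Serialise and deserialise in memory, as a cache put followed by a get would.
    public static T RoundTrip<T>(T value)
    {
        var serializer = new DataContractSerializer(typeof(T));
        using (var ms = new MemoryStream())
        {
            serializer.WriteObject(ms, value);
            ms.Position = 0;
            return (T)serializer.ReadObject(ms);
        }
    }

    public static void Main()
    {
        Console.WriteLine(string.Join(", ", SkippedFields(typeof(VendorSession))));
        var copy = RoundTrip(new VendorSession("mikko", "constructed-id-123"));
        Console.WriteLine("User survived: " + (copy.User == "mikko"));
        Console.WriteLine("SessionId lost: " + (copy.SessionId == null));
    }
}
```

To inspect the real type, pass it to `SkippedFields` after loading the vendor assembly; any field it lists will come back from the cache with its default value.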