Spring web flow transitions not working at all. only the first view state loads. But on click of any transition states, the flow gets refreshed again and the first view is again loaded. Although, the same flow xml and same setup works fine in my friends machine. How is this possible? The same flow(flow xml) works fine in one system and not the other. has anyone ever faced this type of problem? Any help is greatly appreciated. thanks!!!
----------------------------
What I was able to see is that, whenver a transition is triggered, it returns http status 302 rather than 200. Hence it defaults to flow start.
Can anyone help me here pls..
We were able to figure out the issue. SWF uses JSESSIONID for every event. If that cookie is not sent back from browser to server, it assumes there is no valid session and it redirects to first page(flow start). This can be fixed either in code or at container level. JESSIONID cookie should not be HttpOnly. Either this can be done in application server(Websphere in my case, not sure other servers have this option). else, in code to have a filter to get the JSESSIONID cookie and do this cookie.setHttpOnly(false);
Firebug is the best tool to identify these kind of issues i guess. :)
Related
I’m looking for a neat way to execute a check to see if there are any messages in an inbox (realtime) in a Grails 2.x application.
I’ve moved away from polling via ajax to websockets, which is great at the point where someone actually sends you the message, but when you change to another screen, the “count” still needs to be initialized.
Can anyone advise on a elegant way of doing this?
Interceptors are not ideal as I need to check across just about all controllers
Filters are not ideal because on some screens with graphs there are many ajax request, the check would be run many times for each request.
I’m wondering if there are any other solutions that I’m not thinking of.. but possibly not.
A filter that disregards the check if a request header indicates an Ajax request would work.
Depending on where you need this "count" you could: In your layout (main.gsp for instance) call a tag library which makes use of a service to fetch the count. That way it's only applied to GSPs where the layout is applied (e.g. not any ajax request).
This is a very strange one for me and I've been battling with it for a while now. I really hope someone can help.
I have a fairly typical MVC 3 Website and I only seem to be getting this problem in IE and Firefox. Chrome plays along nicely. Lucky for me, the majority of our company's clients uses Chrome at the moment.
Problem is at a seemingly random point in time, the browser will automatically redirect me to the Account/LogOff action when I click on a link, and from there it will obviously go back to the Login page. This link will then continue with the same behavior.
I say "seemingly random" because today that link will work, tomorrow it won't and all other (or the majority - I have never had more than on problem link giving this problem at a time) links will be fine. Sometimes restarting the server/dev environment will take care of the problem, other times it won't. The browser will just keep redirecting to LogOff.
I have tried looking at the Referrer URL, but the controller/action being referred to will never be reached. (If I place a breakpoint in the action, it is missed and the next point reached would be the LogOff action)
If I look at the stacktrace when in the LogOff Action, I can't see any info from where the application has come from. I have also tried what was suggested in this page: Posting the Stack Trace on ASP.NET MVC, but I cannot see why I am being redirected to the LogOff action.
The only place I seem to be able to have a breakpoint get hit before hitting LogOff, is Application_BeginRequest in the Global.asax, but can't see where it is going from there on.
My guess is that somewhere along the line, ASPNET Auth decides the user isn't authenticated any more and redirects to the LogOff action. Problem is that the cookies associated with ASPNET Auth all still exist, have data in them and they haven't expired yet.
Anyway, I hope I have given enough info on the problem.
Thanks in advance.
[Edit]
OK, so I might have gotten a step closer. I came across this link and looked to see what is happening in my Application_AuthenticateRequest in my global.asax.
I am not quite sure why, by when I click on a link, Application_AuthenticateRequest gets accessed 3 times. When a link works (as in I can follow it and it doesn't log me out), the value of the .ASPAUTH cookie stays the same. I checked this by adding a breakpoint and a watch over
HttpContext.Current.Request.Cookies[".ASPXAUTH"].Value
When the link does not work, the first time the cookie has a value, then the other two times it is null. Thus, because the ASPXAUTH cookie is null, the system automatically redirects to the LogOut action.
If I consider the solution they posted in the link, I am not sure if this applies to me. As far as I can tell, the encrypted cookie is still small (as in a few hundred characters long) and not close to 4096 bytes. Also, I have only 3 cookies going at the time I when tested the broken link and I have a maximum of 5 cookies at any given time.
Any idea?
OK, so I had a hunch about cookies expiring. So I looked at whether there is a way to keep (force) cookies in Forms Authentication alive and that led me to http://www.codeproject.com/Articles/221889/How-to-Generate-Machine-Key-in-IIS7
The only way I could test this theory was to keep working and debugging the site as normal. (And that's why it took me so long to post this answer.) Since I introduced this solution it seems that the problem has been solved.
Interestingly I spoke an Architect the other day, with 20 years dev experience, about my problem. He looked at my code and is convinced this is a bug in the Forms Authentication code.
I hope this helps some people who are experiencing the same problem I have.
I am using Spring-ROO as well as Spring security for my web application. I have set the session-timeout as 10. On closing the browser, the session is not getting closed automatically. Can anyone tell any method to close the session when the browser is closed?
Is there any configuration available to have this settings?
Please note that I cant use jquery/javascript.
I don't think this is possible, as no OnBrowserClosed event exists. The only thing that gets close is the non-standard window.onunload DOM event, which you could catch, but that would mean having custom logic run whenever you navigate from one page to another, and even then I don't think you can access the URL the user is going to next, which would be required to know that the user is actually going away from your site (something like null meaning that he goes to no site at all).
One think you could do is to set the timeout even shorter and have a JavaScript on every page that pings the server in regular short intervals using AJAX, but that's a dirty hack, and it would lock out anyone who has JS turned off. A clean solution is not possible IMHO.
I have an application running in Azure (trial account). So far so good, everything has been nice, except for a long deploy times (10-15 minutes).
I've done a deploy recently and got a lot of weird bugs I cannot trace. For example, if I log in and thus a cookie is created (I use FormsAuthentication) all I get from the application is a blank page, as in, absolutely nothing is sent to the browser. The application works fine in the ASP.NET Web Dev Server, IIS Express, even the Azure Emulator!
What could be the issue? Searching the web hasn't been much help, with only a couple of unrelated issues.
I tried logging into the site (if I correctly understood from one if the comments, the url is versulo.com) and I didn't get any blank page with 404 status code.
However, there is another problem I spotted. Your site seems to be implementing caching inappropriately. The main page, the one from which you trigger the login and which is dynamic in nature contains an Expires header set at 5 minutes after the pages first load. That means that each call or redirect to that page within 5 minutes since it was first loaded, will be served from the browser's cache.
Because of that, after I login into your application I am redirected back to the home page which looks like I am not logged in. If I force a F5 refresh on the browser, then the page will indeed show me as logged in.
If instead of a refresh I try to login again (which is what I did in my first trials, since it looked like the login didn't work in the first time), I am getting an error page with the following message:
Sorry, there has been an error on the server.
500
The page looks like an application error page and even if it displays the 500 number, it is actually served with an HTTP 200.
So, while I am not 100% sure if this is also the cause of the problem described by you, you should remove the Expires headers from the dynamic pages your application is serving.
This can be because you're combining Forms Authentication with multiple instances. Are you using multiple instances? If that's the case, could you:
Try to change it to 1 instance. Does this fix the issue?
Try to make the following change to the web.config (configure machineKey): http://msdn.microsoft.com/en-us/library/ff649308.aspx
some partial views are not rendered at all;
Do you mean some pages are working fine, but others are not? It would be better if you can point out a pattern on what’s working and what’s not? For now, please make sure all referenced assemblies (except for default .NET assemblies and Windows Azure runtime) have Copy Local set to true. For example, MVC assemblies are considered as extensions to .NET, so please set Copy Local to true. In addition, you can also try to use Fiddler to monitor the requests to see what’s returned from the server.
Best Regards,
Ming Xu.
Could you provide a link to the application, or perhaps some source code?
When you say 'blank page', what is actually returned, a 404 / 500?
Have you inspected the IIS logs, or added some trace information to your code?
Have you tried accessing the service using it's ip address rather than domain name?
I was hoping someone could shine some light on my problem. I am in the process of load testing a website. For authenticity, I would like to simulate users logging in and such. JMeter refuses to comply. I have tried manually using HTTPS requests, HTTPS spoofing that is provided, and exporting login scripts from Badboy. Using the View Results Tree listener after running a test, it seems that everything is working, but in the end I am always redirected to the login page. The cookie appears to be functioning properly as it displays the same session for each request.
Thanks in advance for any wisdom you all may offer.
While badboy is a great tool to create jmeter test in https.
But on our apps, badboy seem to add get request that didn't work at all, I had to remove them manually to fix the problem.
And if you have a token or session id in your cookies, it's doesn't take care of it for you so you got to figure out how to extract them with a reg-ex extrator and put in a variable that your test will use.
These problem were very specific to our apps not sure it apply to you, but if you remove unessary request and take care of sending back your token/session id it might do the trick.
I was facing the similar issue sometime ago but since my web application was JSF based I had to take care of the javax.faces.ViewState.
In my case every response had a JFV and I had to pass it as a parameter to the next request using Regular Expression Extractor.
Kindly check if your application is having any such problem.
Regards