I am using Spring-ROO as well as Spring security for my web application. I have set the session-timeout as 10. On closing the browser, the session is not getting closed automatically. Can anyone tell any method to close the session when the browser is closed?
Is there any configuration available to have this settings?
Please note that I cant use jquery/javascript.
I don't think this is possible, as no OnBrowserClosed event exists. The only thing that gets close is the non-standard window.onunload DOM event, which you could catch, but that would mean having custom logic run whenever you navigate from one page to another, and even then I don't think you can access the URL the user is going to next, which would be required to know that the user is actually going away from your site (something like null meaning that he goes to no site at all).
One think you could do is to set the timeout even shorter and have a JavaScript on every page that pings the server in regular short intervals using AJAX, but that's a dirty hack, and it would lock out anyone who has JS turned off. A clean solution is not possible IMHO.
Related
In case a (say login) form POST submission fails and Firefox displays "Try Again" message.
Is there any way to click this "Try Again" automatically or through any settings in Firefox about:config that it clicks it?
Related
"Clicking" the Try Again button is relatively easy. There is an extension that does just that, and lets you set the number of seconds between retries.
The real rub here is that you want to "blindly" retry form POSTs. As we all know, just because you didn't get a response, that doesn't necessarily imply that nothing was changed on the server.
Re-submitting a login form sounds harmless enough, and usually is. But if you imagine forms that result in orders being placed or money being moved, it's easy to understand why browsers have implemented this kind of warning:
This is what you'll see if you enable an extension like TryAgain and a form post fails. It's the same behavior you'd get by pressing F5 yourself. The extension will dutifully try to POST again, but the browser is going to intervene with an alert, and refuse to send the POST until "Resend" is clicked.
This kind of safety feature does a fair amount to protect end-users and developers from poor implementations and network hiccups. However, it's really going to work against what you're trying to accomplish.
That said, if you could figure out a way to modify the extension to detect the alert and somehow click "Resend", you'd be in business. I can't say for sure that this is impossible, put it kind of looks that way, at least for now: this issue was marked as "won't fix", and this issue is still open.
Here is an extension for firefox:
auto reload
but i would warn you. because you could auto send any sensitive data. usually web browsers ask reload because the dont want any sensitive data to be submitted without user discretion.
Spring web flow transitions not working at all. only the first view state loads. But on click of any transition states, the flow gets refreshed again and the first view is again loaded. Although, the same flow xml and same setup works fine in my friends machine. How is this possible? The same flow(flow xml) works fine in one system and not the other. has anyone ever faced this type of problem? Any help is greatly appreciated. thanks!!!
----------------------------
What I was able to see is that, whenver a transition is triggered, it returns http status 302 rather than 200. Hence it defaults to flow start.
Can anyone help me here pls..
We were able to figure out the issue. SWF uses JSESSIONID for every event. If that cookie is not sent back from browser to server, it assumes there is no valid session and it redirects to first page(flow start). This can be fixed either in code or at container level. JESSIONID cookie should not be HttpOnly. Either this can be done in application server(Websphere in my case, not sure other servers have this option). else, in code to have a filter to get the JSESSIONID cookie and do this cookie.setHttpOnly(false);
Firebug is the best tool to identify these kind of issues i guess. :)
How to create different session for different tabs in same window?
I am trying but it is always using same session throughout different window in Struts2 app?
I have changed cookies two but session remain same.
Its struts2 java app.
thanks
#user1126046 It's Not Possible,
If you want to create Different session for different tabs in same window, you need to force user to use a single instance of your application by writing URLs on the fly(different URLs for the same instance(URL encoding), SessionID won't work in this case).
Unless you want to pass data through GET or POST with every request, you can't do this.
But: we may achieve by assigning a Window-Id(using Apache MyFaces Orchestra, Spring MVC, jsf), Refer this answer for more info.
I don't really know from your question exactly what it is you are trying to accomplish, but if you want something sort of like "different sessions" per tab, you can look at this http://code.google.com/p/struts2-conversation/.
Its a plugin that I maintain myself. I'm doing frequent releases, but they are backwards compatible. But again, I'm not sure exactly what you need, so I don't know that this is adequate or not.
We have a web app that is heavy on AJAX and it is very customizable so we need something that will click on every link in it to make sure that none of the forms/pages break. I know that there are lots of spiders/crawlers out there but we haven't been able to find one that's easy to implement and works with AJAX and allows you to have a session cookie.
Well, considering you asked this question over two years ago I doubt you'll have much need for the answer. But in case someone else comes across this question from a search engine, here's my suggestion:
Use Selenium http://seleniumhq.org/ or IEUnit https://code.google.com/p/ieunit/ to automate a browser itself. They both operate on top of a JavaScript engine so you can write a few lines of code to click on every anchor tag in your site.
We have a problem with our SAAS site. We sometimes have users kicked out because our authentication cookie is not there (or possibly corrupted). This happens rarely enough that it is hard to find, but often enough that I want to know why.
I want to install a monitor / sniffer for one of our support engineers. They get the problem every once and a while and can stop and call when it happens.
I am looking for something that will log page visits (with timestamp) and cookie changes (create/mod/delete).
Does anyone have a tool that will do this type of logging for FireFox? Maybe a Sqlite tool that will work for Firefox (which I think takes exclusive on the Sqlite db file).
I think Tamper Data can help you. Open the Tamper Data window. Do the requests. Right click -> Export as XML. You can view the cookies by double clicking on the Cookie header.