Session Timeout - Again

So this seems to be a reoccurring topic with no real answers.

I have been running the Beta for a while but I am now on IceFaces 2.0. In my application when the session expires the application just freezes. There is no pop-up saying that the session has expired, like some other people are experiencing.

After reading up on http://wiki.icefaces.org/display/ICE/Configuration I tried to add the following to web.xml

<context-param>
<param-name>org.icefaces.strictSessionTimeout</param-name>
<param-value>true</param-value>
</context-param>

While this works in a way that the session will expire even though there are push events going on, there is still no pop-up. The application just freezes. There is also no message in the Glassfish (Oh and I run on Glassfish 3.0) server.log saying anything about a session expiration.

So the next try was the session expire redirect.

<context-param>
<param-name>
org.icefaces.sessionExpiredRedirectURI</param-name>
<param-value>/Open/theSessionExpiredPage.jsf</param-value>
</context-param>

This has no effect what so ever. I can see when the server starts up that both of the above parameters are set, but the session still expires quietly without any message or redirect and the application still freezes up.

Now, to use the sessionExpiredRedirectURI it says you have to use the "compatibility component suite". I don't know what that means. My project has the "IceFaces Components 2.0.0" library added to it with the "icefaces-compat.jar" file in the path.

Any thoughts?

Cheers,

// Jonas

Does anyone have an answer to this?

Also, is it possible to redirect when session expires instead of showing a popup without compatibility mode?

Thanks,
Dumi.

Do you have a simple sample that illustrates this consistently?

Hi Judy,

Attached is a test project that shows the problem. I'm running Apache Tomcat 6.0.20 and I'm using JSF 2.0 Mojarra 2.0.3-FCS. The jars used are: commons-beanutils.jar, commons-collections.jar, commons-digester.jar, commons-logging.jar, icefaces-ace.jar, icefaces-compat.jar, icefaces.jar and icepush.jar, all taken from ICEfaces-2.0.0-bin.

I have only one page with an ice:outputConnectionStatus and one ice:commandLink. The session is set to expire after 1 minute. After 1 minute, if I click on the link I get the "User Expired Session" popup. But if I don't do anything the popup doesn't appear. I've did some debugging and the session destroyed event is triggered by the container and the SessionExpiredListener->sessionDestroyed method gets called:
Code:

    public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
 
         FacesContext fc = FacesContext.getCurrentInstance();
 
         //If there is no FacesContext, then the session likely timed out of it's own accord rather
         //then being invalidated programmatically as part of a JSF lifecycle.  In that case,
         //we can't put an exception into the queue.
         if (fc != null) {
             Application app = fc.getApplication();
             if (app == null) {
                 ApplicationFactory factory = (ApplicationFactory) FactoryFinder.getFactory(FactoryFinder.APPLICATION_FACTORY);
                 app = factory.getApplication();
             }
 
             ExceptionQueuedEventContext ctxt =
                     new ExceptionQueuedEventContext(fc, new SessionExpiredException("Session has expired"));
             app.publishEvent(fc, ExceptionQueuedEvent.class, ctxt);
         }
 
         //If the session is destroyed and ICEpush is available, we can request a push request immediately
         //which should result in a SessionExpiredException being sent to the client.
         if (EnvUtils.isICEpushPresent()) {
             HttpSession session = httpSessionEvent.getSession();
             ServletContext servletContext = session.getServletContext();
             PushContext pushContext = PushContext.getInstance(servletContext);
             pushContext.push(session.getId());
         }
     }

The ICEpush is present so the session expired should be sent to the client, but nothing happens.

If you can point me to the right direction it would be great. Also, the next step would be to redirect the user when session expires, not to show the popup. And if possible without the compatibility mode...

Thanks & best regards,
Dumi.

We appear to have two separate problems in this thread.

Dumi, your problem can be resolved by adding the session to a push group. Just call PushRenderer.addCurrentSession("session-expiry") for any users that you want to display the Session Expired message for. ICEpush in ICEfaces 2.0 is "lazily" initialized, meaning that the blocking connection is not started unless the application makes use of notification. This reduces network resource consumption, and you may or may not want to keep a socket open to display the Session Expired message.

http://jira.icefaces.org/browse/ICE-5801

Jonas, you appear to be encountering a bug, so a test case would be helpful.

Sorry for not replying earlier.

I am a bit busy with deliverables right now but I will try to get to the test case over the weekend.

Thanks!!!

// Jonas

ted.goddard wrote:

We appear to have two separate problems in this thread.

Dumi, your problem can be resolved by adding the session to a push group. Just call PushRenderer.addCurrentSession("session-expiry") for any users that you want to display the Session Expired message for. ICEpush in ICEfaces 2.0 is "lazily" initialized, meaning that the blocking connection is not started unless the application makes use of notification. This reduces network resource consumption, and you may or may not want to keep a socket open to display the Session Expired message.

http://jira.icefaces.org/browse/ICE-5801

Jonas, you appear to be encountering a bug, so a test case would be helpful.

I now have created a smaller project that demonstrates the problem. The realm is based on a MySQL database and created like

==== create realm ==============
sudo /opt/glassfishv3/glassfish/bin/asadmin create-auth-realm --classname com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm --property jaas-context=jdbcRealm:datasource-jndi=card:user-table=employees:user-name-column=userid:password-column=password:group-table=employees:group-name-column=role:digest-algorithm=MD5 userauth
========== end =============

===== web.xml ================
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<context-param>
<param-name>com.icesoft.faces.uploadDirectory</param-name>
<param-value>upload</param-value>
</context-param>
<context-param>
<param-name>org.icefaces.strictSessionTimeout</param-name>
<param-value>true</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>Resource Servlet</servlet-name>
<servlet-class>com.icesoft.faces.webapp.CompatResourceServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/icefaces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Resource Servlet</servlet-name>
<url-pattern>/xmlhttp/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
3
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>Secured/client.jsf</welcome-file>
</welcome-file-list>
<security-constraint>
<display-name>Constraint1</display-name>
<web-resource-collection>
<web-resource-name>protected</web-resource-name>
<description/>
<url-pattern>/Secured/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description/>
<role-name>ADMIN</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>userauth</realm-name>
<form-login-config>
<form-login-page>/Open/login.jsp</form-login-page>
<form-error-page>/Open/loginfailed.jsp</form-error-page>
</form-login-config>
</login-config>
<security-role>
<description>Manages the employees</description>
<role-name>MANAGER</role-name>
</security-role>
</web-app>
========== End =============

===== sun-web.xml ============
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD GlassFish Application Server 3.0 Servlet 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_3_0-0.dtd">
<sun-web-app error-url="">
<context-root>/SessionTimeOut</context-root>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class' java code.</description>
</property>
</jsp-config>
<security-role-mapping>
<role-name>ADMIN</role-name>
<group-name>ADMIN</group-name>
</security-role-mapping>
</sun-web-app>
======== End ===============

Now in the Open dir I have 2 files
login.jsp and loginfailed.jsp.

In the Secured dir I have created a client.xhtml that uses a template.xhml

======= client.xhtml =============
<?xml version='1.0' encoding='UTF-8' ?>
<!DOCTYPE composition PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<ui:composition xmlns:ui="http://java.sun.com/jsf/facelets"
xmlns:icecore="http://www.icefaces.org/icefaces/core"
xmlns:ice="http://www.icesoft.com/icefaces/component"
xmlns:ace="http://www.icefaces.org/icefaces/components"
template="./newICEfacesTemplate.xhtml">

<ui:define name="top">
top
</ui:define>

<ui:define name="left">
left
</ui:define>

<ui:define name="content">
<ice:form id="panelform">
<ice:panelTabSet height="330px">
<ice:panelTab label="First Tab">
<ice:outputText value="First content"/>
</ice:panelTab>
<ice:panelTab label="Second Tab">
<ice:outputText value="Second content"/>
</ice:panelTab>
</ice:panelTabSet>
</ice:form>
</ui:define>

<ui:define name="bottom">
bottom
</ui:define>

</ui:composition>
============== End =============

As you can see in the above web.xml the directory Secured is protected. When I request client.jsp in the browser I am correctly redirected to the login page. After a successful authorization I get the client.jsp page correctly. I have currently set the session time out till only 3 minutes. I have also set the strictSessionTimeout to true. I have no redirect page in case of a session timeout. The problem is shown already without that.

======= Symptom ==========
After 3 minutes of inactivity you can't anymore click on the tabs => the GUI becomes totally unresponsive.
=======================

It is worth mentioning that without the realm I correctly get a popup indicating that the session has expired.

If you want I can share the war file or the source

Any help is greatly appreciated.

Cheers,

// Jonas

Great work ehsjoar.Really awesome.

Ted,

Did you see my test case post?

Cheers,

// Jonas

ted.goddard wrote:

We appear to have two separate problems in this thread.

Dumi, your problem can be resolved by adding the session to a push group. Just call PushRenderer.addCurrentSession("session-expiry") for any users that you want to display the Session Expired message for. ICEpush in ICEfaces 2.0 is "lazily" initialized, meaning that the blocking connection is not started unless the application makes use of notification. This reduces network resource consumption, and you may or may not want to keep a socket open to display the Session Expired message.

http://jira.icefaces.org/browse/ICE-5801

Jonas, you appear to be encountering a bug, so a test case would be helpful.

After converting from an 1.8.2 application I am experiencing the same problem mentioned above. The Glassfish log shows SessionExpiredException but no popup like in 1.8.2..

Is there a way to get the old behaviour back? This problem is really a drawback for the framework..

In my case there is actually nothing in the server.log about a timeout. I only get a timeout without a REALM, in which case I see both the timeout exception in the log as well as the popup. With a REAL it seems the timeout is taking place in silence and the GUI becomes unresponsive

Related issue: http://www.icefaces.org/JForum/posts/list/18599.page

@ehsjoar, if you could please zip up and attach your test app, that would be helpful.

Thanks,
Philip

As of my problem with not displaying user session expired popup I can say that it works now.
The problem was that I had not deployed the icepush.jar with my jar..

ttretau wrote:

As of my problem with not displaying user session expired popup I can say that it works now.
The problem was that I had not deployed the icepush.jar with my jar..

Unfortunately this is not the cause for my problem. It also seems like this thread has died off. I will try to instead open a ticket for this

// Jonas