Session expiring on IE

Asked

Viewed 119 times

0

I have a JSF2 system where I use JAAS for access control. Everything is working fine in Chrome, but, for a change, IE occurs a problem.

Basically I have a form with login and password fields:

<form action="j_security_check" id="frmLogin" method="POST">
  <input type="text" name="j_username" id="j_username"/>
  <input type="password" name="j_password" id="j_password"/>
  <p:commandButton id="btLogin" value="Login" onclick="enviar()" icon="ui-icon-play"/>
</form>

In the Tomcat I have one jar which is mine loginModule with the login authentication rules:

public class LoginModuleUD implements LoginModule {
...
}

WEB.XML

<security-constraint>
    <web-resource-collection>
        <url-pattern>/sistema/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>teste</description>
        <role-name>usuario</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>default</realm-name>
    <form-login-config>
        <form-login-page>/login.ud</form-login-page>
        <form-error-page>/loginError.ud</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description/>
    <role-name>usuario</role-name>
</security-role>

This is the main entity of the system, it is injected into all other entities:

@Named(value="loginMB")
@SessionScoped
public class LoginMB implements Serializable{
    public LoginMB() {
        System.out.println("CONSTRUTOR LOGINMB");
    }
 ...
}

As I said, in Chrome everything is perfect, already in IE (tested on 8 and 10), when accessing a protected content it directs to the login screen and when clicking the LOGIN button the problem happens.
One time it gets lost and does not leave the login page, another time it goes to the correct page but loses the session (the Loginmb constructor is triggered again) and I have to give a F5/Refresh on the page.

Has anyone ever come across anything like this?

  • It does not seem to me to be specifically session problem. Did you ever try to remove all "protection" from the system and check only the session? To see if it expires on both browsers? If not, I recommend doing, to isolate the problems. Put a very low session time, and test on both browsers.

  • Yes, without the protection works smoothly. It seems to me that the problem occurs when the server intercepts the stream and redirects to the login page.

1 answer

1


It seems that the problem was in the login form, where the LOGIN button was a p:commandButton, being the default behavior of this component AJAX=TRUE!

Replace it with a

<input type="button"> 

and, at least until now, everything working!

Browser other questions tagged

You are not signed in. Login or sign up in order to post.