Uploaded image for project: 'MyFaces CODI'
  1. MyFaces CODI
  2. EXTCDI-299

Session Cookie Configuration with Secure on non secure URL results in forever redirect loop

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 1.0.5
    • None
    • JEE-JSF20-Module
    • None
    • Windows 7, JBoss AS 7.1.0.Final

    Description

      This occurs, because the session cookie of the webapp is configured to be secure, but if you don't access the application via https you get redirected forever.
      The reason for that is of course, that no session is available at the server side when the redirected request arrives at the server side.
      The only solution to that is, to supply a specialized WindowContextConfig#isUrlParameterSupported that returns false, but that results in ViewExpiredException on Postback.

      In my opinion CODI should somehow forward to an error page or so when this kind of configuration happens or don't redirect to use window ids at all.

      Attachments

        1. example.rar
          2 kB
          Christian Beikov

        Activity

          People

            Unassigned Unassigned
            christian.beikov Christian Beikov
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: