Forums

Home » Liferay Portal » English » 3. Development

Combination View Flat View Tree View
Threads [ Previous | Next ]
toggle
Faisal K
Redirecting to Login Page
February 11, 2010 2:54 AM
Answer

Faisal K

Rank: Regular Member

Posts: 138

Join Date: January 9, 2008

Recent Posts

Hi All,

Sub: Suggestion for implementing window state based redirecting of Login form, if the users session is expired.

When ever guest user accessing some page which he has now permission to view, Liferay is redirecting to Login Portlet, when I use Ajax calls to get some pages, in which the logged in Users session is expired, I want to load only the Login form(means if the requests window state is EXCLUSIVE),

waiting for the Suggestions.

Part of this I want to know, I am using lot of places ajax requests in my portlets, but liferay session extending mechanism is not taking ajax request as an activity(Liferay extends session only when a complete reloading of the page happens), and because of that user session expires when user is working in the portlet.


Regards,
Faisal.K
Shagul Khajamohideen
RE: Redirecting to Login Page
February 13, 2010 5:04 AM
Answer

Shagul Khajamohideen

Rank: Liferay Master

Posts: 759

Join Date: September 27, 2007

Recent Posts

Hi,

I would suggest that you look into session.js and the extend_session.jsp that are used to extend a user session. This is an Ajax call that is made when a user clicks the button on the message that appears on the top bar.
Shown below is the message from language properties.
1
2"Warning! Due to inactivity, your session will expire in {0}. To extend your session another {1} minute(s), please press the <i>Extend</i> button."


You may be able to write a custom login and invoke that as a modal panel and let the user login again.

The below blog by Ray Auge may be useful.

Creating custom login front end

Hope this helps.

-Shagul
Faisal K
RE: Redirecting to Login Page
February 22, 2010 5:44 AM
Answer

Faisal K

Rank: Regular Member

Posts: 138

Join Date: January 9, 2008

Recent Posts

Looks fine,

But I want to know how to extend the session if the user is accessing the website via ajax, i don't want to send an extra ajax request every time i am accessing some pages via ajax,

when page reload happens session timer is being restarted, same way I want to restart the session timer both in tomcat and the Liferay Session.js when some ajax-loading(some thing like loading country via json(right now loading content by json also is not counting as an activity)).

Waiting for valuable inputs from Liferay Community.

Regards,
Faisal.K
Shagul Khajamohideen
RE: Redirecting to Login Page
February 22, 2010 6:26 AM
Answer

Shagul Khajamohideen

Rank: Liferay Master

Posts: 759

Join Date: September 27, 2007

Recent Posts

Hi Faisal,

Check this post. You may have a similar issue.

https://www.liferay.com/web/guest/community/forums/-/message_boards/message/909845

Best Regards,
Shagul
Faisal K
RE: Redirecting to Login Page
February 22, 2010 9:01 AM
Answer

Faisal K

Rank: Regular Member

Posts: 138

Join Date: January 9, 2008

Recent Posts

Thanks,

My Problem has nothing to do with Session sharing with portlet and servlet. this is something which liferay is not taking care when expiring the session using the session.js

This is what I understood about expiring the session in Liferay works,

1. there is a default session timeout in tomcat, any way irrespective whether session.js expires the session, automatically tomcat session will expire.
2. Liferay, has a session timer which is the value from portal.properties which will be used to fire an ajax request to expire the session, and based on the configuration in portal.properties browser window will be redirected to either home page or just show an error message that your session is expired.
3. but this timer, is reset only when the Page is reloaded completely(html body onLoad).
4. My Problem, is I have a some portlet, which serves some content by ajax(no page relaod happens), for the user he is still working, but suddenly my browser tells - your session is going to expire as no activity is found,
5. to solve this I can extend my session whene ever i am doing an ajax call, but that seems to be a wrong way of extending the session.
6. now I want some suggestion, is there any possibility, that i can reset the tomcat session, java script Session Timer.

Alex Wallace
RE: Redirecting to Login Page
February 22, 2010 9:50 AM
Answer

Alex Wallace

Rank: Liferay Master

Posts: 640

Join Date: November 4, 2007

Recent Posts

This is what I run to do just what you are saying:

With every ajax call i run this:

1
2 try { if ('noWarning' == mySessionRenewAtWarning()) { mySessionRenew(); } } catch(e) {} "


which in trun uses:

 1
 2                                function mySessionRenewAtWarning(){
 3                                    var jqryWarn = new jQuery;
 4                                    var warnElm = jqryWarn.find('.popup-alert-notice');
 5                                    if (warnElm.length > 0) {
 6                                        // Match content of warning with session expiration warning language
 7                                        if (Liferay.Language.get('warning-your-session-will-expire').indexOf(warnElm[0].firstChild.nodeValue) == 0) {
 8                                            // click the extend button
 9                                            warnElm.find('.popup-alert-close').click();
10                                            return true;
11                                        }
12                                    }
13                                    return "noWarning";
14                                }
15                               
16                                // Renews the session and resets the client timer
17                                function mySessionRenew() {
18                                    if (Liferay.Session._stateCheck) {
19                                        window.clearTimeout(Liferay.Session._stateCheck);
20                                        Liferay.Session._stateCheck = null;
21                                    }
22                                    Liferay.Session.init(
23                                    {
24                                        autoExtend: <%= PropsValues.SESSION_TIMEOUT_AUTO_EXTEND %>,
25                                        timeout: <%= sessionTimeout %>,
26                                        timeoutWarning: <%= sessionTimeoutWarning %>,
27                                        redirectOnExpiration: <%= PropsValues.SESSION_TIMEOUT_REDIRECT_ON_EXPIRE %>
28                                    }
29                                    );
30                                    jQuery.ajax(
31                                    {
32                                        url: Liferay.Session._sessionUrls.extend
33                                    }
34                                    );
35                                }


I added this code to session_timeout.jsp but anywhere that is available and has the data needed to initialize the counter should work.

It is a bit messy but it is the best way i figured that would work... As you can see, it will extend the session if the warning was been shown and also if it was not. The renew part has to reset the counter in the browser. Just touching the tomcat session was not enough, tomcat may extended but the browser would keep counting.

Hope this helps
Faisal K
RE: Redirecting to Login Page
February 23, 2010 4:31 AM
Answer

Faisal K

Rank: Regular Member

Posts: 138

Join Date: January 9, 2008

Recent Posts

Thanks Alex,

It looks like good bet for my situation, I all ready did something like this,

But problem comes when some one has opened two browser tabs(typical example in Mozilla) and in each tab the session timer may have different values and will show our warning at different times,

Javascript based solution will be perfect if I am doing some activity using ajax in one tab alone(we can reset the timer).

But if some one tries to access the website in which the session is being expired from another tab, but not in the current tab, i will get the ugly(full Login page with Logo and all int he div i am reloading) because logged in session is expired from the other tab. So I want to implement a solution where we can load the login form alone based on the Window state of the request from the server, so that i don't have to check the session timer every time i do some activity via ajax.


Regards,
Faisal.K
Alex Wallace
RE: Redirecting to Login Page
February 23, 2010 8:25 AM
Answer

Alex Wallace

Rank: Liferay Master

Posts: 640

Join Date: November 4, 2007

Recent Posts

you definitely have a point. please share whatever you come up with.
Faisal K
RE: Redirecting to Login Page
February 25, 2010 4:10 AM
Answer

Faisal K

Rank: Regular Member

Posts: 138

Join Date: January 9, 2008

Recent Posts

Hi All,

I don't have much time to debug Liferay code now, can any body tell where exactly we are calling the 'servlet.service.events.pre' classes, I am planning to do some modification in the ServiceEventPreAction.
Faisal K
RE: Redirecting to Login Page
February 26, 2010 3:45 AM
Answer

Faisal K

Rank: Regular Member

Posts: 138

Join Date: January 9, 2008

Recent Posts

I figure out where exactly is redirect happening in Liferay if Some one tries to access Layout in which guest user has no access.

1
2protected void processServicePrePrincipalException(
3            Throwable t, long userId, HttpServletRequest request,
4            HttpServletResponse response)
5        throws IOException, ServletException {
6
7        ..................
8    }


Now I have to make the window state to the visitors window state. now I need to find out how to get the windowstate from the HTTP request,

Is there any API which I can use to get Windowstate from HTTP Request?.
any Idea .....

Regards,
Faisal.K
Faisal K
RE: Redirecting to Login Page
February 26, 2010 10:15 AM
Answer

Faisal K

Rank: Regular Member

Posts: 138

Join Date: January 9, 2008

Recent Posts

Hi All,

Which will be the best way to override MainServlet, I modified using ext-impl but seems to be not working properly.


Regards,
Faisal.K
Faisal K
RE: Redirecting to Login Page
March 1, 2010 4:45 AM
Answer

Faisal K

Rank: Regular Member

Posts: 138

Join Date: January 9, 2008

Recent Posts

Hi All,

I override the method and now getting /c/portal/login with window state as 'exclusive', but now the porblem is /c/portal/login is redirecting to web/guest/home(login portlet url) with window state as 'maximised'.

So now I have to override one more method where /c/portal/login is converted to login portlet url -- I put Liferay in debug mode and did'nt find the exact place where this url redirect happening, any insight in to this is really appreciable.
Faisal K
RE: Redirecting to Login Page
March 1, 2010 6:20 AM
Answer

Faisal K

Rank: Regular Member

Posts: 138

Join Date: January 9, 2008

Recent Posts

Hello Alex,

Do you have any idea, Login through Ajax request is Secure?, is there any possiblity of security issue if we use ajax to login.


your thoughts will be really appreciable.

regards,
Faisal.K
Alex Wallace
RE: Redirecting to Login Page
March 2, 2010 2:59 PM
Answer

Alex Wallace

Rank: Liferay Master

Posts: 640

Join Date: November 4, 2007

Recent Posts

I would say it is as secure/insecure as logging in through a regular full page sumbit as long as your validation is done on the server side as it is with a regular full page sumbit.
Faisal K
[SOLVED]RE: Redirecting to Login Page
March 3, 2010 1:18 AM
Answer

Faisal K

Rank: Regular Member

Posts: 138

Join Date: January 9, 2008

Recent Posts

Thanks Alex,

That is really a pretty answer, any way I am playing with jQuery tree, and loading nodes via ajax, I did all the modification and now satisfied by showing the Session Expiry Message in the tree node instead of showing Login form you can have a look in to the screen shot.
Attachment

Attachments: Tree.png (9.7k)
Alex Wallace
RE: [SOLVED]RE: Redirecting to Login Page
March 3, 2010 8:56 AM
Answer

Alex Wallace

Rank: Liferay Master

Posts: 640

Join Date: November 4, 2007

Recent Posts

Looks neat!
Richie Hao
RE: Redirecting to Login Page
January 18, 2011 12:49 AM
Answer

Richie Hao

Rank: New Member

Posts: 7

Join Date: December 10, 2010

Recent Posts

Hi,
How did you rewrite
1processServicePrePrincipalException
and made /c/portal/login as the default page if user does not login?

Thanks,
Richie
Nicky David
RE: Redirecting to Login Page
April 21, 2011 10:46 PM
Answer

Nicky David

Rank: New Member

Posts: 5

Join Date: April 7, 2011

Recent Posts

Alex,

Can you please clarify in your code, where the values for sessionTimeout and sessionTimeoutWarning come from?

I am starting out new to Liferay and have a long way to go. Will greatly appreciate if you can help me understand.

Thanks,
Nicky
Zach Smith
RE: Redirecting to Login Page
September 19, 2011 5:53 AM
Answer

Zach Smith

Rank: New Member

Posts: 7

Join Date: August 30, 2011

Recent Posts

I know this is an old post, but I have a similar issue where as I am using an Iframe and when I do work in this iFrame I get the inactivity prompt. I am not refreshing screen, so therefore it doesn't refresh the timer. (If I understand how this works correctly) Is there anyway to tell liferay that I am doing work in an iFrame? I am not doing any AJAX calls, I just have another app running on IIS and I plug in that URL to the iframe.

Any thoughts?

Zach