JSF 1.1 request scope command link action not fired after session timeout

Question

I have a JSF1.1 page that contains several command links in it. This page is run under the request scope. The command link's action gets fired correctly if it is clicked before session timeout occurs. But if it is clicked after the session times out, the action method will not get called and clicking on it simply redisplays the current page.

Is this a normal behaviour? Is there a way to go around this?

score 0 · Answer 1 · answered Apr 19 '13 at 04:38

When session times out, Session ID in HttpServletRequest would become null and hence it won't be able to fulfill its functionality.

You can implement a filter (this adds some overhead for every click of yours on the page), to check if the session is still valid or not. If session is still valid then allow processing to carry on else redirect back to login page (or whatever).

Below is the code for filter.

public void doFilter(ServletRequest request,ServletResponse response, FilterChain filterChain) throws IOException,ServletException
    {

        if((request instanceof HttpServletRequest) && (response instanceof HttpServletResponse))
        {

            HttpServletRequest httpServletRequest = (HttpServletRequest) request;
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;

               if (isSessionControlRequiredForThisResource(httpServletRequest)) {

                    // is session invalid?
                    if (isSessionInvalid(httpServletRequest)) {

                     String timeoutUrl = httpServletRequest.getContextPath() + "/" + getTimeOutPage();


                     httpServletResponse.sendRedirect(timeoutUrl);
                     return;
                    }
                   }
                  }
        filterChain.doFilter(request, response);
        }


    private boolean isSessionControlRequiredForThisResource(HttpServletRequest httpServletRequest) 
    {
          String requestPath = httpServletRequest.getRequestURI();

          boolean controlRequired = !StringUtils.contains(requestPath, getTimeOutPage());

          return controlRequired;
    }

    private boolean isSessionInvalid(HttpServletRequest httpServletRequest) 
    {


          boolean sessionInValid = (httpServletRequest.getRequestedSessionId() != null)
            && !httpServletRequest.isRequestedSessionIdValid();

          return sessionInValid;
    }

There is no signon for this particular page. It runs under request scope, which I was hoping that means it will survive session timeoout. Change state saving from server to client will probably fix the problem. But since change state saving method effects other JSF apps, I hesitate to do so... — HockChai Lim, Apr 19 '13 at 14:14

score 0 · Accepted Answer · edited Jun 20 '20 at 09:12

0

No, this is definitely not normal behavior. JSF should have thrown a ViewExpiredException here instead of simply redisplaying the page.

JSF 1.1 is a very buggy release. Upgrade to the latest JSF 1.2. JSF 1.1 development has stalled since JSF 1.2 release around 2006. Many, many issues have been fixed in JSF 1.2. Any JSF 1.0/1.1 application can be upgraded to JSF 1.2 without major trouble. Only if your application is incorrectly relying on some JSF 1.1 specific bug to be correct behavior, then your application might still break. So you should still test thoroughly after upgrading.

We are in the process of upgrading from websphere 6.1, which only support jsf1.1, to websphere 8.0. Once that is done, I plan to upgrade to jsf2.0. Why should a request scope bean gets ViewExpiredException? I can understand getting it on a session scoped bean – HockChai Lim Apr 19 '13 at 13:33
You can easily upgrade WAS5/6 to JSF 1.2 by just putting the JARs in webapp's `/WEB-INF/lib` and setting application classloading policy to `PARENT_LAST` in WAS config. – BalusC Apr 19 '13 at 13:36
As to the detailed explanation, please click the "See also" link(s) first. I never post them for decoration only. – BalusC Apr 19 '13 at 13:37
That is what I did to get WAS6.1 to use myfaces version of jsf1.1. By default it uses sun version of jsf. I'm working on converting them when have chance to do so. – HockChai Lim Apr 19 '13 at 13:41
Thank you. The detail explanation is very helpful. I also find this link that gives me a better understaning of state saving: http://www.jroller.com/mert/entry/state_saving_method_client_side. Seems a bit crazy to see jsf desgin a request scope that will not servive session timeout... – HockChai Lim Apr 19 '13 at 13:59

JSF 1.1 request scope command link action not fired after session timeout

2 Answers2

See also: