0

We are working on this issue wherein we are opening a dialog (p:dialog) without clicking on YES/NO button of that dialog in a jsf page, we tampered the session id with some new values using tampered data plugin tool of firefox. in this case my session should get expire and page should redirect as session expire. but in actual the session is not expired and dialog box remains open. Please help us out in getting the solution. also we found that whenever we do not open dialog box and we just navigate to different tabs in a page and tampered the session id then the session gets expired which is expected. This does not work when we open a dialog in page. We want to expire session whenever we tampered session ID.

user3049383
  • 29
  • 5
  • In other words, you aren't hitting server when opening dialog? – BalusC Jul 17 '15 at 10:11
  • No we are not hitting server..Also strangely...when we tampered the session id at that time also the server does not get hit..thats the reason we are not able to track the issue. – user3049383 Jul 17 '15 at 10:19

1 Answers1

0

Just hit server when opening dialog.

I.e. do not do like

<p:commandButton ... onclick="dialogWidgetVar.show();return false;" />

But rather do like

<p:commandButton ... oncomplete="dialogWidgetVar.show();" />

Add if necessary update=":dialogId" to make sure dialog's contents is up to date with model.

BalusC
  • 1,082,665
  • 372
  • 3,610
  • 3,555
  • We tried all the solution mentioned in the link still we do not able to expire session.. – user3049383 Jul 17 '15 at 11:04
  • Let's take a step back. Perhaps there's a misunderstanding. What measurement/hook exactly did you use to verify if the server is hit? HTTP traffic monitor? Debug breakpoint? Logger? I of course meant that the client has sent a successful (postback) request to the server. You can easily track it in browser's HTTP traffic monitor (press F12, Network, etc). There should obviously be no JS errors in the console (but that's already mentioned/hinted in the link in previous comment and you have apparently already excluded that). – BalusC Jul 17 '15 at 16:07