1

I have an JSF Primefaces application which on one page shows an iFrame. In this iFrame the user can work for quite a while, afterwards he can press a button which navigates to one of my JSF handled pages. I implemented this using the window.parent.postMessage event, this works well.

But still there remains one problem: While working in the iFrame, the Session times out and the user gets redirected to the login screen.

I already tried using
<p:poll interval="1500" listener="#{bean.interact}"/>
with

public String interact() {
        HttpSession session = (HttpSession) FacesContext.getCurrentInstance().getExternalContext().getSession(false);
        ((HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest()).getSession(false);
        return null;
    }

in order to keep the session alive. In my interact function I tried different things. I read in other StackOverflow posts that getting the session should be enough to keep it open.

Debugging the function shows that session.getLastAccessedTime() is updated every time the poll is executing. The session ID is always the same.

But still, after my defined session timeout, the user gets redirected to the login screen the moment the poll is fired.

My .xhtml file hosting the frame looks as follows:

<ui:define name="content">
    <h:form>
        <p:remoteCommand name="finish" action="#{bean.finish()}"/>
        <p:remoteCommand name="back" action="#{bean.back()}"/>
        <script type="text/javascript">
            window.addEventListener('message', (e) => {
                if(e.data === 'finished') {
                    finish();
                } else if(e.data === 'back') {
                    back();
                }
            });
        </script>
        <iframe src="https://myUrl/#{bean.queryParameterEncrypted()}"/>
        <p:poll interval="1500" listener="#{bean.interact}"/>
    </h:form>
</ui:define>
philipp8230
  • 33
  • 1
  • 5
  • I want to add that we are using the iframe in the page because we slowly want to move away from JSF to Angular, so we added the iframe in our JSF application. – philipp8230 Dec 20 '22 at 07:28
  • Which application server are you using? How do you manage the login session(ldap/AD/...)? – WoAiNii Dec 20 '22 at 21:39
  • @WoAiNii I'm using a TomEE 9.0.52 Server. To be honest, I don't get what you mean with the second part of your question but still I try to feed you with some more information. I specified a session timeout in my web.xml file, which I then increase to 30 minutes in case of successful login. The user gets assigned a JSESSIONID, which is used for the HttpSession Object. – philipp8230 Dec 22 '22 at 14:15
  • When you look at the cookie with JSESSIONID what's its expiration? Your solution seems similar to [these ones](https://stackoverflow.com/questions/8793064/keep-a-session-alive-for-an-indefinite-amount-of-time) so if they didn't work you could have something else that terminates your session or invalidate it. – WoAiNii Dec 22 '22 at 20:47

0 Answers0