Expired sessions causing ViewExpiredExceptions

Description

When a session (both authenticated and anonymous) expires because of inactivity, and a user attempts to initiate an ajax call by clicking a link or a button, a ViewExpiredException will be thrown and the red error page will be shown.

In case of an authenticated session, the problem is agravated by the fact that the user is asked to log in first, and then is sent to an empty error page (as the error has already dissapeared from context).

There are ways to handle this exception to make it more user friendly:

  • Have an exception handler that captures the exception and redirects the user to the same page again, with a message indicating what happened.

  • Have an onAjaxError listener on the client side that parses the error response, and is able to determine when the error is caused by an expired session and handle it accordingly.

Zanata's currently short session timeout period doesn't help with this either.

Environment

None

Activity

Show:
Carlos Munoz
September 23, 2015, 1:17 AM

Once an excpetion is caught, we could try and either automatically refresh the most recent page with a warning message indicating what happened, and in cases where it's possible we could present the user the option to reload manually after informing what happened.

Ding-Yi Chen
August 24, 2015, 3:10 AM

Username: null
Category: org.apache.catalina.core.ContainerBase.[jboss.web].[default-host]./.[Faces Servlet]
Message: JBWEB000236: Servlet.service() for servlet Faces Servlet threw exception

javax.faces.application.ViewExpiredException: viewId:/account/login.seam - View /account/login.seam could not be restored.
at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:205)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.RestoreViewPhase.doPhase(RestoreViewPhase.java:116)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:593)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:832)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:620)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:553)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:482)
at org.tuckey.web.filters.urlrewrite.NormalRewrittenUrl.doRewrite(NormalRewrittenUrl.java:213)
at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:171)
at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145)
at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92)
at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:60)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:73)
at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:158)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.zanata.seam.interceptor.MonitoringWrapper.doFilter(MonitoringWrapper.java:67)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.zanata.servlet.GWTCacheControlFilter.doFilter(GWTCacheControlFilter.java:61)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.zanata.servlet.MDCInsertingServletFilter.doFilter(MDCInsertingServletFilter.java:58)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:491)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:420)
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926)
at java.lang.Thread.run(Thread.java:745)

Ready for Release

Assignee

Carlos Munoz

Reporter

Carlos Munoz

Tested Version/s

None

Components

Sprint

None

Fix versions

Affects versions

Priority

unspecified