New HttpSession Changes after Login?

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

New HttpSession Changes after Login?

JJ Fila
Hey all,

So I'd like to use an attribute set on the httpSession (it is set in a java servlet running on the same server) after logging into uPortal, but after I login the session changes, and I lose all the attributes. Does anyone know if there there is a way I could transfer over the attributes to the new session before it changes? Or use the same session?

- JJ

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.
Reply | Threaded
Open this post in threaded view
|

Re: New HttpSession Changes after Login?

JJ Fila
Just a note here: I found a function (public void onApplicationEvent(HttpSessionDestroyedEvent event)) in the class SessionIdTaggedCacheEntryPurger.java that is called after logging in and does still have my session attributes before it is destroyed. I don't think it'd be wise to change the functionality, but just digging.

On Thursday, March 7, 2019 at 4:13:14 PM UTC-5, JJ Fila wrote:
Hey all,

So I'd like to use an attribute set on the httpSession (it is set in a java servlet running on the same server) after logging into uPortal, but after I login the session changes, and I lose all the attributes. Does anyone know if there there is a way I could transfer over the attributes to the new session before it changes? Or use the same session?

- JJ

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.
Reply | Threaded
Open this post in threaded view
|

Re: New HttpSession Changes after Login?

Jackson, Allan

Are you using the sessionCookiePath (or emptySessionPath) tomcat setting as described here? <a href="https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building&#43;and&#43;Deploying&#43;uPortal"> https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal

 

We used to have a lot of session issues before we started using that option.

 

Allan

 

From: <[hidden email]> on behalf of JJ Fila <[hidden email]>
Date: Thursday, March 7, 2019 at 4:35 PM
To: uPortal Community <[hidden email]>
Subject: [uportal-user] Re: New HttpSession Changes after Login?

 

Just a note here: I found a function (public void onApplicationEvent(HttpSessionDestroyedEvent event)) in the class SessionIdTaggedCacheEntryPurger.java that is called after logging in and does still have my session attributes before it is destroyed. I don't think it'd be wise to change the functionality, but just digging.

On Thursday, March 7, 2019 at 4:13:14 PM UTC-5, JJ Fila wrote:

Hey all,

 

So I'd like to use an attribute set on the httpSession (it is set in a java servlet running on the same server) after logging into uPortal, but after I login the session changes, and I lose all the attributes. Does anyone know if there there is a way I could transfer over the attributes to the new session before it changes? Or use the same session?

 

- JJ

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.
Reply | Threaded
Open this post in threaded view
|

Re: New HttpSession Changes after Login?

JJ Fila
Hey Allan,

Thanks for your reply. We did not have that set - thought that might be it. Unfortunately the session still changes after login. Darn. Good suggestion, probably needed to do that anyway.

Still thinking...

JJ

On Thursday, March 7, 2019 at 5:39:02 PM UTC-5, Jackson, Allan wrote:

Are you using the sessionCookiePath (or emptySessionPath) tomcat setting as described here? <a href="https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.atlassian.net%2Fwiki%2Fspaces%2FUPM43%2Fpages%2F103949017%2FBuilding%2Band%2BDeploying%2BuPortal\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGBa3Pq9-VB0_B-piqCrMVxYxXH3Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.atlassian.net%2Fwiki%2Fspaces%2FUPM43%2Fpages%2F103949017%2FBuilding%2Band%2BDeploying%2BuPortal\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGBa3Pq9-VB0_B-piqCrMVxYxXH3Q&#39;;return true;"> https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal

 

We used to have a lot of session issues before we started using that option.

 

Allan

 

From: <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="H8rRkGveCAAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">uporta...@...> on behalf of JJ Fila <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="H8rRkGveCAAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">justi...@...>
Date: Thursday, March 7, 2019 at 4:35 PM
To: uPortal Community <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="H8rRkGveCAAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">uporta...@...>
Subject: [uportal-user] Re: New HttpSession Changes after Login?

 

Just a note here: I found a function (public void onApplicationEvent(HttpSessionDestroyedEvent event)) in the class SessionIdTaggedCacheEntryPurger.java that is called after logging in and does still have my session attributes before it is destroyed. I don't think it'd be wise to change the functionality, but just digging.

On Thursday, March 7, 2019 at 4:13:14 PM UTC-5, JJ Fila wrote:

Hey all,

 

So I'd like to use an attribute set on the httpSession (it is set in a java servlet running on the same server) after logging into uPortal, but after I login the session changes, and I lose all the attributes. Does anyone know if there there is a way I could transfer over the attributes to the new session before it changes? Or use the same session?

 

- JJ

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="H8rRkGveCAAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">uportal-user...@apereo.org.
Visit this group at <a href="https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fgroup%2Fuportal-user%2F&amp;data=02%7C01%7Callanjackson%40ku.edu%7Cc62e9721cd1e4ea8755208d6a34d28fd%7C3c176536afe643f5b96636feabbe3c1a%7C0%7C0%7C636875949133977769&amp;sdata=4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%2B4vjAIlz4ceDI%3D&amp;reserved=0" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fnam01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgroups.google.com%252Fa%252Fapereo.org%252Fgroup%252Fuportal-user%252F%26data%3D02%257C01%257Callanjackson%2540ku.edu%257Cc62e9721cd1e4ea8755208d6a34d28fd%257C3c176536afe643f5b96636feabbe3c1a%257C0%257C0%257C636875949133977769%26sdata%3D4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%252B4vjAIlz4ceDI%253D%26reserved%3D0\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE_tS-k0nYCMH8CQFf2-GcqzXDv3g&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fnam01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgroups.google.com%252Fa%252Fapereo.org%252Fgroup%252Fuportal-user%252F%26data%3D02%257C01%257Callanjackson%2540ku.edu%257Cc62e9721cd1e4ea8755208d6a34d28fd%257C3c176536afe643f5b96636feabbe3c1a%257C0%257C0%257C636875949133977769%26sdata%3D4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%252B4vjAIlz4ceDI%253D%26reserved%3D0\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE_tS-k0nYCMH8CQFf2-GcqzXDv3g&#39;;return true;"> https://groups.google.com/a/apereo.org/group/uportal-user/.

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.
Reply | Threaded
Open this post in threaded view
|

Re: New HttpSession Changes after Login?

JJ Fila
Hey just wanted to follow up here and see if anyone might have any another ideas? I'm a little stuck unfortunately

JJ

On Friday, March 8, 2019 at 3:20:28 PM UTC-5, JJ Fila wrote:
Hey Allan,

Thanks for your reply. We did not have that set - thought that might be it. Unfortunately the session still changes after login. Darn. Good suggestion, probably needed to do that anyway.

Still thinking...

JJ

On Thursday, March 7, 2019 at 5:39:02 PM UTC-5, Jackson, Allan wrote:

Are you using the sessionCookiePath (or emptySessionPath) tomcat setting as described here? <a href="https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.atlassian.net%2Fwiki%2Fspaces%2FUPM43%2Fpages%2F103949017%2FBuilding%2Band%2BDeploying%2BuPortal\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGBa3Pq9-VB0_B-piqCrMVxYxXH3Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.atlassian.net%2Fwiki%2Fspaces%2FUPM43%2Fpages%2F103949017%2FBuilding%2Band%2BDeploying%2BuPortal\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGBa3Pq9-VB0_B-piqCrMVxYxXH3Q&#39;;return true;"> https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal

 

We used to have a lot of session issues before we started using that option.

 

Allan

 

From: <[hidden email]> on behalf of JJ Fila <[hidden email]>
Date: Thursday, March 7, 2019 at 4:35 PM
To: uPortal Community <[hidden email]>
Subject: [uportal-user] Re: New HttpSession Changes after Login?

 

Just a note here: I found a function (public void onApplicationEvent(HttpSessionDestroyedEvent event)) in the class SessionIdTaggedCacheEntryPurger.java that is called after logging in and does still have my session attributes before it is destroyed. I don't think it'd be wise to change the functionality, but just digging.

On Thursday, March 7, 2019 at 4:13:14 PM UTC-5, JJ Fila wrote:

Hey all,

 

So I'd like to use an attribute set on the httpSession (it is set in a java servlet running on the same server) after logging into uPortal, but after I login the session changes, and I lose all the attributes. Does anyone know if there there is a way I could transfer over the attributes to the new session before it changes? Or use the same session?

 

- JJ

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at <a href="https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fgroup%2Fuportal-user%2F&amp;data=02%7C01%7Callanjackson%40ku.edu%7Cc62e9721cd1e4ea8755208d6a34d28fd%7C3c176536afe643f5b96636feabbe3c1a%7C0%7C0%7C636875949133977769&amp;sdata=4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%2B4vjAIlz4ceDI%3D&amp;reserved=0" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fnam01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgroups.google.com%252Fa%252Fapereo.org%252Fgroup%252Fuportal-user%252F%26data%3D02%257C01%257Callanjackson%2540ku.edu%257Cc62e9721cd1e4ea8755208d6a34d28fd%257C3c176536afe643f5b96636feabbe3c1a%257C0%257C0%257C636875949133977769%26sdata%3D4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%252B4vjAIlz4ceDI%253D%26reserved%3D0\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE_tS-k0nYCMH8CQFf2-GcqzXDv3g&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fnam01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgroups.google.com%252Fa%252Fapereo.org%252Fgroup%252Fuportal-user%252F%26data%3D02%257C01%257Callanjackson%2540ku.edu%257Cc62e9721cd1e4ea8755208d6a34d28fd%257C3c176536afe643f5b96636feabbe3c1a%257C0%257C0%257C636875949133977769%26sdata%3D4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%252B4vjAIlz4ceDI%253D%26reserved%3D0\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE_tS-k0nYCMH8CQFf2-GcqzXDv3g&#39;;return true;"> https://groups.google.com/a/apereo.org/group/uportal-user/.

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.
Reply | Threaded
Open this post in threaded view
|

Re: New HttpSession Changes after Login?

JJ Fila
Update on this:

tldr -  I want to modify LoginController.java to check for redirect parameter. Is there a better way?

The original intension of using the httpSession attribute was to redirect to the url specified in the attribute. However, I am forwarding from a java servlet to the login page, and found that I'm able to pass a redirect URL through the request to the LoginController by setting the "refUrl" parameter. The problem is that refUrl is only allowed to be a local redirect. I could modify the LoginController to accommodate this, but as far as I know that is not the intention of this codebase correct?

Thanks!
JJ

On Thursday, March 21, 2019 at 5:57:59 PM UTC-4, JJ Fila wrote:
Hey just wanted to follow up here and see if anyone might have any another ideas? I'm a little stuck unfortunately

JJ

On Friday, March 8, 2019 at 3:20:28 PM UTC-5, JJ Fila wrote:
Hey Allan,

Thanks for your reply. We did not have that set - thought that might be it. Unfortunately the session still changes after login. Darn. Good suggestion, probably needed to do that anyway.

Still thinking...

JJ

On Thursday, March 7, 2019 at 5:39:02 PM UTC-5, Jackson, Allan wrote:

Are you using the sessionCookiePath (or emptySessionPath) tomcat setting as described here? <a href="https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.atlassian.net%2Fwiki%2Fspaces%2FUPM43%2Fpages%2F103949017%2FBuilding%2Band%2BDeploying%2BuPortal\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGBa3Pq9-VB0_B-piqCrMVxYxXH3Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.atlassian.net%2Fwiki%2Fspaces%2FUPM43%2Fpages%2F103949017%2FBuilding%2Band%2BDeploying%2BuPortal\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGBa3Pq9-VB0_B-piqCrMVxYxXH3Q&#39;;return true;"> https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal

 

We used to have a lot of session issues before we started using that option.

 

Allan

 

From: <[hidden email]> on behalf of JJ Fila <[hidden email]>
Date: Thursday, March 7, 2019 at 4:35 PM
To: uPortal Community <[hidden email]>
Subject: [uportal-user] Re: New HttpSession Changes after Login?

 

Just a note here: I found a function (public void onApplicationEvent(HttpSessionDestroyedEvent event)) in the class SessionIdTaggedCacheEntryPurger.java that is called after logging in and does still have my session attributes before it is destroyed. I don't think it'd be wise to change the functionality, but just digging.

On Thursday, March 7, 2019 at 4:13:14 PM UTC-5, JJ Fila wrote:

Hey all,

 

So I'd like to use an attribute set on the httpSession (it is set in a java servlet running on the same server) after logging into uPortal, but after I login the session changes, and I lose all the attributes. Does anyone know if there there is a way I could transfer over the attributes to the new session before it changes? Or use the same session?

 

- JJ

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at <a href="https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fgroup%2Fuportal-user%2F&amp;data=02%7C01%7Callanjackson%40ku.edu%7Cc62e9721cd1e4ea8755208d6a34d28fd%7C3c176536afe643f5b96636feabbe3c1a%7C0%7C0%7C636875949133977769&amp;sdata=4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%2B4vjAIlz4ceDI%3D&amp;reserved=0" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fnam01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgroups.google.com%252Fa%252Fapereo.org%252Fgroup%252Fuportal-user%252F%26data%3D02%257C01%257Callanjackson%2540ku.edu%257Cc62e9721cd1e4ea8755208d6a34d28fd%257C3c176536afe643f5b96636feabbe3c1a%257C0%257C0%257C636875949133977769%26sdata%3D4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%252B4vjAIlz4ceDI%253D%26reserved%3D0\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE_tS-k0nYCMH8CQFf2-GcqzXDv3g&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fnam01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgroups.google.com%252Fa%252Fapereo.org%252Fgroup%252Fuportal-user%252F%26data%3D02%257C01%257Callanjackson%2540ku.edu%257Cc62e9721cd1e4ea8755208d6a34d28fd%257C3c176536afe643f5b96636feabbe3c1a%257C0%257C0%257C636875949133977769%26sdata%3D4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%252B4vjAIlz4ceDI%253D%26reserved%3D0\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE_tS-k0nYCMH8CQFf2-GcqzXDv3g&#39;;return true;"> https://groups.google.com/a/apereo.org/group/uportal-user/.

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.
Reply | Threaded
Open this post in threaded view
|

Re: New HttpSession Changes after Login?

JJ Fila
Quick update again:

I modified LoginController.java to check for a value "RelayState" on the httpSession. If there is a value, and no previously set refUrl, it will redirect to the RelayState Url (which in my case is back to the Google service that redirected the user to our portal for login).

This seems to work fine, though when we upgrade to a newer portal I imagine there might be some merge conflicts with the LoginController file, which I'm sure can be easily handled but if anyone has a better suggestion I would love to know!

Thanks!
JJ 

On Monday, March 25, 2019 at 6:14:59 PM UTC-4, JJ Fila wrote:
Update on this:

tldr -  I want to modify LoginController.java to check for redirect parameter. Is there a better way?

The original intension of using the httpSession attribute was to redirect to the url specified in the attribute. However, I am forwarding from a java servlet to the login page, and found that I'm able to pass a redirect URL through the request to the LoginController by setting the "refUrl" parameter. The problem is that refUrl is only allowed to be a local redirect. I could modify the LoginController to accommodate this, but as far as I know that is not the intention of this codebase correct?

Thanks!
JJ

On Thursday, March 21, 2019 at 5:57:59 PM UTC-4, JJ Fila wrote:
Hey just wanted to follow up here and see if anyone might have any another ideas? I'm a little stuck unfortunately

JJ

On Friday, March 8, 2019 at 3:20:28 PM UTC-5, JJ Fila wrote:
Hey Allan,

Thanks for your reply. We did not have that set - thought that might be it. Unfortunately the session still changes after login. Darn. Good suggestion, probably needed to do that anyway.

Still thinking...

JJ

On Thursday, March 7, 2019 at 5:39:02 PM UTC-5, Jackson, Allan wrote:

Are you using the sessionCookiePath (or emptySessionPath) tomcat setting as described here? <a href="https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.atlassian.net%2Fwiki%2Fspaces%2FUPM43%2Fpages%2F103949017%2FBuilding%2Band%2BDeploying%2BuPortal\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGBa3Pq9-VB0_B-piqCrMVxYxXH3Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.atlassian.net%2Fwiki%2Fspaces%2FUPM43%2Fpages%2F103949017%2FBuilding%2Band%2BDeploying%2BuPortal\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGBa3Pq9-VB0_B-piqCrMVxYxXH3Q&#39;;return true;"> https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal

 

We used to have a lot of session issues before we started using that option.

 

Allan

 

From: <[hidden email]> on behalf of JJ Fila <[hidden email]>
Date: Thursday, March 7, 2019 at 4:35 PM
To: uPortal Community <[hidden email]>
Subject: [uportal-user] Re: New HttpSession Changes after Login?

 

Just a note here: I found a function (public void onApplicationEvent(HttpSessionDestroyedEvent event)) in the class SessionIdTaggedCacheEntryPurger.java that is called after logging in and does still have my session attributes before it is destroyed. I don't think it'd be wise to change the functionality, but just digging.

On Thursday, March 7, 2019 at 4:13:14 PM UTC-5, JJ Fila wrote:

Hey all,

 

So I'd like to use an attribute set on the httpSession (it is set in a java servlet running on the same server) after logging into uPortal, but after I login the session changes, and I lose all the attributes. Does anyone know if there there is a way I could transfer over the attributes to the new session before it changes? Or use the same session?

 

- JJ

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at <a href="https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fgroup%2Fuportal-user%2F&amp;data=02%7C01%7Callanjackson%40ku.edu%7Cc62e9721cd1e4ea8755208d6a34d28fd%7C3c176536afe643f5b96636feabbe3c1a%7C0%7C0%7C636875949133977769&amp;sdata=4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%2B4vjAIlz4ceDI%3D&amp;reserved=0" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fnam01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgroups.google.com%252Fa%252Fapereo.org%252Fgroup%252Fuportal-user%252F%26data%3D02%257C01%257Callanjackson%2540ku.edu%257Cc62e9721cd1e4ea8755208d6a34d28fd%257C3c176536afe643f5b96636feabbe3c1a%257C0%257C0%257C636875949133977769%26sdata%3D4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%252B4vjAIlz4ceDI%253D%26reserved%3D0\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE_tS-k0nYCMH8CQFf2-GcqzXDv3g&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fnam01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgroups.google.com%252Fa%252Fapereo.org%252Fgroup%252Fuportal-user%252F%26data%3D02%257C01%257Callanjackson%2540ku.edu%257Cc62e9721cd1e4ea8755208d6a34d28fd%257C3c176536afe643f5b96636feabbe3c1a%257C0%257C0%257C636875949133977769%26sdata%3D4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%252B4vjAIlz4ceDI%253D%26reserved%3D0\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE_tS-k0nYCMH8CQFf2-GcqzXDv3g&#39;;return true;"> https://groups.google.com/a/apereo.org/group/uportal-user/.

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.
Reply | Threaded
Open this post in threaded view
|

Re: New HttpSession Changes after Login?

JJ Fila
Hey one more followup question on this:

I am trying to redirect from the portal login to a URL that I get from the google redirect that looks like this: https://accounts.google.com/CheckCookie?continue=https...<shortened for readability>

However, I am getting an error in the browser (no matter which browser I try) that I need to turn on cookies, however cookies are already on. In that URL there is a parameter passed named "CheckCookie" which looks suspicious. I can't seem to track down the issue, however. I thought there might be some constraints with Cookies set in uPortal?

Has anyone run into something like this before?

Would love to get any thoughts, 

Thanks!
JJ

On Thursday, March 28, 2019 at 5:46:00 PM UTC-4, JJ Fila wrote:
Quick update again:

I modified LoginController.java to check for a value "RelayState" on the httpSession. If there is a value, and no previously set refUrl, it will redirect to the RelayState Url (which in my case is back to the Google service that redirected the user to our portal for login).

This seems to work fine, though when we upgrade to a newer portal I imagine there might be some merge conflicts with the LoginController file, which I'm sure can be easily handled but if anyone has a better suggestion I would love to know!

Thanks!
JJ 

On Monday, March 25, 2019 at 6:14:59 PM UTC-4, JJ Fila wrote:
Update on this:

tldr -  I want to modify LoginController.java to check for redirect parameter. Is there a better way?

The original intension of using the httpSession attribute was to redirect to the url specified in the attribute. However, I am forwarding from a java servlet to the login page, and found that I'm able to pass a redirect URL through the request to the LoginController by setting the "refUrl" parameter. The problem is that refUrl is only allowed to be a local redirect. I could modify the LoginController to accommodate this, but as far as I know that is not the intention of this codebase correct?

Thanks!
JJ

On Thursday, March 21, 2019 at 5:57:59 PM UTC-4, JJ Fila wrote:
Hey just wanted to follow up here and see if anyone might have any another ideas? I'm a little stuck unfortunately

JJ

On Friday, March 8, 2019 at 3:20:28 PM UTC-5, JJ Fila wrote:
Hey Allan,

Thanks for your reply. We did not have that set - thought that might be it. Unfortunately the session still changes after login. Darn. Good suggestion, probably needed to do that anyway.

Still thinking...

JJ

On Thursday, March 7, 2019 at 5:39:02 PM UTC-5, Jackson, Allan wrote:

Are you using the sessionCookiePath (or emptySessionPath) tomcat setting as described here? <a href="https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.atlassian.net%2Fwiki%2Fspaces%2FUPM43%2Fpages%2F103949017%2FBuilding%2Band%2BDeploying%2BuPortal\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGBa3Pq9-VB0_B-piqCrMVxYxXH3Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.atlassian.net%2Fwiki%2Fspaces%2FUPM43%2Fpages%2F103949017%2FBuilding%2Band%2BDeploying%2BuPortal\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNGBa3Pq9-VB0_B-piqCrMVxYxXH3Q&#39;;return true;"> https://apereo.atlassian.net/wiki/spaces/UPM43/pages/103949017/Building+and+Deploying+uPortal

 

We used to have a lot of session issues before we started using that option.

 

Allan

 

From: <[hidden email]> on behalf of JJ Fila <[hidden email]>
Date: Thursday, March 7, 2019 at 4:35 PM
To: uPortal Community <[hidden email]>
Subject: [uportal-user] Re: New HttpSession Changes after Login?

 

Just a note here: I found a function (public void onApplicationEvent(HttpSessionDestroyedEvent event)) in the class SessionIdTaggedCacheEntryPurger.java that is called after logging in and does still have my session attributes before it is destroyed. I don't think it'd be wise to change the functionality, but just digging.

On Thursday, March 7, 2019 at 4:13:14 PM UTC-5, JJ Fila wrote:

Hey all,

 

So I'd like to use an attribute set on the httpSession (it is set in a java servlet running on the same server) after logging into uPortal, but after I login the session changes, and I lose all the attributes. Does anyone know if there there is a way I could transfer over the attributes to the new session before it changes? Or use the same session?

 

- JJ

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at <a href="https://nam01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgroups.google.com%2Fa%2Fapereo.org%2Fgroup%2Fuportal-user%2F&amp;data=02%7C01%7Callanjackson%40ku.edu%7Cc62e9721cd1e4ea8755208d6a34d28fd%7C3c176536afe643f5b96636feabbe3c1a%7C0%7C0%7C636875949133977769&amp;sdata=4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%2B4vjAIlz4ceDI%3D&amp;reserved=0" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fnam01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgroups.google.com%252Fa%252Fapereo.org%252Fgroup%252Fuportal-user%252F%26data%3D02%257C01%257Callanjackson%2540ku.edu%257Cc62e9721cd1e4ea8755208d6a34d28fd%257C3c176536afe643f5b96636feabbe3c1a%257C0%257C0%257C636875949133977769%26sdata%3D4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%252B4vjAIlz4ceDI%253D%26reserved%3D0\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE_tS-k0nYCMH8CQFf2-GcqzXDv3g&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fnam01.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fgroups.google.com%252Fa%252Fapereo.org%252Fgroup%252Fuportal-user%252F%26data%3D02%257C01%257Callanjackson%2540ku.edu%257Cc62e9721cd1e4ea8755208d6a34d28fd%257C3c176536afe643f5b96636feabbe3c1a%257C0%257C0%257C636875949133977769%26sdata%3D4UIc0fXeBl9fFd3o7Q2YspmJAoSevx%252B4vjAIlz4ceDI%253D%26reserved%3D0\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNE_tS-k0nYCMH8CQFf2-GcqzXDv3g&#39;;return true;"> https://groups.google.com/a/apereo.org/group/uportal-user/.

--
You received this message because you are subscribed to the Google Groups "uPortal Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
Visit this group at https://groups.google.com/a/apereo.org/group/uportal-user/.