At 05:51 PM 8/27/2001 -0400, David Casti wrote:
>I'm trying to use res.sendRedirect to manage an authentication process. I
>have it mostly working, but there is one unexpected behavior.
>Every web page has a banner which includes some PSP code:
> message = self.session().value('message')
> string1 = "[misc html deleted]"
> string2 = "[misc html deleted]"
> res.write(string1 + message + string2)
>This works great for passing around little messages like "Authentication
>failed" or "Welcome, user foo".
>Now I'm in the part of the process where every web page runs a quick check
>before displaying itself, to make sure that you are authorized to view
>it. That code looks like this:
># bounce to login screen if no auth info...
>if not self.session().hasValue('auth'):
> message = "Expired or missing credentials... please log in again"
> self.session().setValue('message', message)
>This code occurs many lines before the banner code, shown above.
>Now, my question: Exactly when does the res.sendRedirect fire? When the
>interpret reaches it? When the entire page is processed? ???
>The reason for my question is that, currently, my message "Expired or
>missing credentials... please log in again" is never displayed on
>index.htm. If the res.sendRedirect fired immediately, it would
>be. However, for some reason the page continues executing and gets to
>self.session().delValue('message') before the redirect actually
>occurs. The result is that when index.htm starts,
>self.session().hasValue('message') is empty.
>If I remove self.session().delValue('message'), then the message "Expired
>or missing credentials... please log in again" is displayed correctly. Of
>course this has other problems. :) Namely, "Expired or missing
>credentials... please log in again" continues to display on every page
>until some other PSP code comes along to change
>Am I going about this the wrong way?
We've seen this problem before. There are 2 solutions that I know of:
1) instead of using sendRedirect(), use
self.application().forward(self.transaction(), url) which will perform the
redirect purely within the appserver. Not only will this be faster, but I
can definitely vouch that it will preserve any session variables you set
before you do the forward, but only if you use a CVS version of Webware
from sometime in the last 2 months -- I fixed a bug in this area in late June.
2) redirect to a full url like "http://foo.com/bar/index.htm" instead of
just "index.htm". I'm pretty sure this will also solve the problem,
because it forces the redirect and session cookie to be sent all the way
back to your browser.
Please let us know if either of these solutions works for you.
And since this question keeps on coming up every couple of weeks, we
perhaps ought to fix sendRedirect so that it constructs a full URL or at
least displays a warning if you don't redirect to a full URL and you have
cookies being set.