Session expiration sometimes doesn't redirect to logoff page

David3 · January 30, 2014, 9:22pm

Using Vaadin 7.1.10 (and earlier 7.1 as well), we set up our CustomizedSystemMessages() to require re-login by redirecting to a logoff page (outside of Vaadin) for session expired, communications error, internal error, out of sync and cookies disabled.

Most of the time this works as expected. When we see a session expired link, it will 90% of time go to the logoff page. But on a few occasions – we don’t know how they differ – it will just end up reloading the page when you click on the red error box, with the user logged in as if the session never ended.

Is there any idea why this sometimes happens and any recommendation on perhaps how to trap the session expiration in debug so I can perhaps trace why it doesn’t redirect to our logoff page?

Marius14 · January 31, 2014, 8:13am

When it reloads on clicking the Session Expired link, is the Session really up or do you get another message when the user tries to interact with the UI?

David3 · January 31, 2014, 7:47pm

On clicking, the page refreshes and the app is entirely usable. It’s as if the serialized session is somehow restored, or the session was not truly over. It’s odd to be sure because if the session truly ends in Tomcat, all of the UI information should be gone.