I’ve got a whole IS built on top of the Vaadin/Spring/JPA stack and I use .jsp pages with Spring security to handle logging users in and out.
I also have a session timeout set aggressively to 7 minutes for security reasons, so users are kicked out pretty soon and are forced to log in again,
While we were running Vaadin 6.4.8, everything was fine, but after system-wide upgrade to Vaadin 6.6.2, a weird error is displayed, when session is timed out. Check this out:
screen
Instead of a regular session timeout (normal sized red window), we get this one, where the scrambled loginform.jsp is somehow dumped.
Note: this happens only in Firefox browser, other are working as before,
any hints on where to look for error?
EDIT: actually, it does a ‘similar’ thing in IE, see
screenFromIE
There is exception trace included to error messages in some cases. This may cause crappy looking error messages. Anyway, you can hide the trace with CSS:
v-Notification-system p+br+p {
display: none;
}
Btw, If you have just updated the vaadin in your system then it’s good to make sure that the theme and widgetset has the same version. Otherwise this may cause some strange behavior. Vaadin debug window (?debug) shows the errors if the versions does not match.
alright,
so we checked the theme version, there was a warning about vaadin version mismatch,
we fixed it, but it has no effect on error I’ve described in the first post,
anybody has a hint of where to look at?
It’s not a critical issue but it looks a bit un-professional that client sees “communication error” instead of session timeout.
You could check ApplicationConnection.doUidlRequest() as the communication error message is likely created there. If your problem is just the text it shows you could just modify it by using
CustmizedSystemMessages
We experience the same problem in our application built with VAADIN/Spring/Hibernate. What we found is that when the session timeout occurs, the client-side sends UIDL request (/UIDL?windowName=AppLevelWindow), and the response status is 302 with content the login page html.The ApplicaitonConnection ( com.vaadin.terminal.gwt) obviously expects JSON and fails to render.
Any help is appreciated.
Regards,
Dinko Ivanov
UPDATE: I was able to fix the problem by adding Spring Custom Filter in the security config, which handles gracefully UIDL requests, when session is expired. As reference I used the AbstractApplicationServlet which creates proper JSON response to notify about session expiration.