Vaadin error message distorted when session is timed out

Hi,

I’ve got a whole IS built on top of the Vaadin/Spring/JPA stack and I use .jsp pages with Spring security to handle logging users in and out.
I also have a session timeout set aggressively to 7 minutes for security reasons, so users are kicked out pretty soon and are forced to log in again,

While we were running Vaadin 6.4.8, everything was fine, but after system-wide upgrade to Vaadin 6.6.2, a weird error is displayed, when session is timed out. Check this out:

screen

Instead of a regular session timeout (normal sized red window), we get this one, where the scrambled loginform.jsp is somehow dumped.

Note: this happens only in Firefox browser, other are working as before,

any hints on where to look for error?

EDIT: actually, it does a ‘similar’ thing in IE, see
screenFromIE

cheers,
Sam

Hi Samuel,

There is exception trace included to error messages in some cases. This may cause crappy looking error messages. Anyway, you can hide the trace with CSS:

v-Notification-system p+br+p {
display: none;
}

Btw, If you have just updated the vaadin in your system then it’s good to make sure that the theme and widgetset has the same version. Otherwise this may cause some strange behavior. Vaadin debug window (?debug) shows the errors if the versions does not match.

yup, there is a mismatch in our widgetset and theme version, I’ll have to fix it somehow, thanks Jarno for hint.

alright,
so we checked the theme version, there was a warning about vaadin version mismatch,
we fixed it, but it has no effect on error I’ve described in the first post,
anybody has a hint of where to look at?

It’s not a critical issue but it looks a bit un-professional that client sees “communication error” instead of session timeout.

Hi,

You could check ApplicationConnection.doUidlRequest() as the communication error message is likely created there. If your problem is just the text it shows you could just modify it by using
CustmizedSystemMessages

Hello,

Did anyone find a solution to this?

We experience the same problem in our application built with VAADIN/Spring/Hibernate. What we found is that when the session timeout occurs, the client-side sends UIDL request (/UIDL?windowName=AppLevelWindow), and the response status is 302 with content the login page html.The ApplicaitonConnection ( com.vaadin.terminal.gwt) obviously expects JSON and fails to render.

Any help is appreciated.

Regards,
Dinko Ivanov


UPDATE:
I was able to fix the problem by adding Spring Custom Filter in the security config, which handles gracefully UIDL requests, when session is expired. As reference I used the AbstractApplicationServlet which creates proper JSON response to notify about session expiration.

Is it possible to share some code with us about the spring filter with JSON answer ?

Thanks in advance