As for the extra sessions, it seems that PUSH causes sessions to start over again. The only way I can make this work is on user logoff request, first turn off PUSH on all UIs, then tell them all to logoff, then end the session:
// Hack to turn off PUSH on all UIs first. Doing it this way to try to avoid spurious PUSH sessions reactivating.
for( final UI ui : VaadinSession.getCurrent().getUIs() ) {
ui.access(new Runnable() {
@Override
public void run() {
ui.getPushConfiguration().setPushMode(PushMode.DISABLED);
}
});
}
// Force all UIs to be logged off when any UI logs off
for( final UI ui : VaadinSession.getCurrent().getUIs() ) {
ui.access(new Runnable() {
@Override
public void run() {
if ( ui instanceof EsfVaadinUI ) {
EsfVaadinUI vui = (EsfVaadinUI)ui;
vui.setLogoffUrlNormal();
vui.getPage().setLocation(logoutUrl); // set the logoff page before we close the session
}
}
});
}
VaadinSession.getCurrent().close();
I tried just disabling push mode when I also do the setLocation(logoutUrl) – using just one UI loop – but that didn’t work as I’d still get an extra session from time to time. I’m sure it was some sort of timing issue. With the two loops, I’ve not seen that happen (yet!).
Sure enough, adding the atmosphere listener in web.xml eliminates a warning message in the logs.
<!--
Steve - Feb 12th, 2015:
Attempting to get rid of a warning message in the logs:
Feb 12, 2015 7:26:00 AM org.atmosphere.cpr.AtmosphereFramework doInitParams
WARNING: SessionSupport error. Make sure you define org.atmosphere.cpr.SessionSupport as a listener in web.xml instead
https://github.com/Atmosphere/atmosphere/wiki/Enabling-HttpSession-Support
-->
<listener>
<listener-class>org.atmosphere.cpr.SessionSupport</listener-class>
</listener>
<context-param>
<param-name>org.atmosphere.cpr.sessionSupport</param-name>
<param-value>true</param-value>
</context-param>
I was hoping this might have an effect on the errors encountered pushing to a UI that has closed, but not yet been detached - as in ticket
#14280 and my post
here , but no joy on that yet.
Can anybody at Vaadin confirm if this listener and context-param is still necessary, or if it can cause it’s own issues with multiple libraries trying to control heartbeats, session timeout, etc.? We still see occasional oddities in which items added to our session are not found even though it does not appear the user logged off, but with websockets we cannot as easily see all web server interactions via tomcat’s access logs.
The
warning has been disabled in more recent versions of the Vaadin branch of Atmosphere and apparently the listener is not needed, although I am not sufficiently familiar with the Atmosphere integration to be able to tell why it is not needed.
Apparently the listener only exists to clean up some references from the session and to the session. The references from the session attributes to Atmosphere should not be an issue as the session gets garbage collected, and I’d assume the references to the session get cleaned up some other way if they need to be cleaned. However, if everything works for you and you want to minimize changes to minimize risks, I believe the listener won’t hurt, either.