RequestHandler does callRedirect for uri "logout"

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

RequestHandler does callRedirect for uri "logout"

jonwimp
When callRedirect() is called, the response is committed. That means LoginWorker fails when trying
to create a new session.

I understand that we can do "<@ofbizUrl secure="true">logout</@ofbizUrl>". But that really looks
like a workaround. Is it wrong to call "logout" in http, rather than in https? For efficiency, we
often want only the login page in https, and the inside pages in http.

If you wanna fix this, it's in RequestHandler.java line 129.

Jonathon
Reply | Threaded
Open this post in threaded view
|

Re: RequestHandler does callRedirect for uri "logout"

BJ Freeman
I believe you should look more at this for logout.
I believe the requestQueryString should by-passed if a logout, such as a
time out, is being processed.

not sure when in the backend if we want a http for inside pages.
so would have to check if the app is eccommerce type.

not sure that is a real clean way to do it. since you wold have make
code to deal clone apps of eccomerce.

Jonathon -- Improov sent the following on 12/30/2007 7:24 PM:

> When callRedirect() is called, the response is committed. That means
> LoginWorker fails when trying to create a new session.
>
> I understand that we can do "<@ofbizUrl
> secure="true">logout</@ofbizUrl>". But that really looks like a
> workaround. Is it wrong to call "logout" in http, rather than in https?
> For efficiency, we often want only the login page in https, and the
> inside pages in http.
>
> If you wanna fix this, it's in RequestHandler.java line 129.
>
> Jonathon
>
>
>