Odd session/redirect behavior

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Odd session/redirect behavior

Mike Vogt-2
Hi All,
In a fusebox application, I have a script that runs at the 'top' of every circuit that detects if a session exists, if a session value is a match for the circuit, and if either case is not true, it calls abandon session, and redirects the user to a session timeout page.  What I've been able to reproduce is the following.  User logs in, then logs out (which also calls abandon session), then uses the back button and refreshes (F5) the page. What happens is that the user is redirected to the timeout page, but the code on the page displayed is executed again, though this time without session values.  According to the docs, a redirect is the last command within a flow of execution, but it would appear that the circuit continues and the page code is executed again.

What am I missing?

TIA,
Mike Vogt

The session timeout/user match script I run at the top of each circuit follows.

if (session internal id # 0)
         If(get session("user_type") #"Substitute")
                 abandon session
                redirect(fusebox.makeurl("WillsubError.SessionTimeOut "))
         end if

 else
        abandon session
        redirect(fusebox.makeurl("WillsubError.SessionTimeOut "))
 end if
_______________________________________________
Active4D-dev mailing list
[hidden email]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/
Reply | Threaded
Open this post in threaded view
|

Re: Odd session/redirect behavior

Aparajita Fishman
Sounds like a browser caching issue. Make sure you are disabling browser caching with the suitable cache-control and expires response headers.

Many thanks,

  - Aparajita

> On Jul 18, 2016, at 8:47 AM, Mike Vogt <[hidden email]> wrote:
>
> Hi All,
> In a fusebox application, I have a script that runs at the 'top' of every circuit that detects if a session exists, if a session value is a match for the circuit, and if either case is not true, it calls abandon session, and redirects the user to a session timeout page.  What I've been able to reproduce is the following.  User logs in, then logs out (which also calls abandon session), then uses the back button and refreshes (F5) the page. What happens is that the user is redirected to the timeout page, but the code on the page displayed is executed again, though this time without session values.  According to the docs, a redirect is the last command within a flow of execution, but it would appear that the circuit continues and the page code is executed again.
>
> What am I missing?
>
> TIA,
> Mike Vogt
>
> The session timeout/user match script I run at the top of each circuit follows.
>
> if (session internal id # 0)
> If(get session("user_type") #"Substitute")
> abandon session
> redirect(fusebox.makeurl("WillsubError.SessionTimeOut "))
> end if
>
> else
> abandon session
> redirect(fusebox.makeurl("WillsubError.SessionTimeOut "))
> end if
> _______________________________________________
> Active4D-dev mailing list
> [hidden email]
> http://list.aparajitaworld.com/listinfo/active4d-dev
> Archives: http://active4d-nabble.aparajitaworld.com/


_______________________________________________
Active4D-dev mailing list
[hidden email]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/
Reply | Threaded
Open this post in threaded view
|

Re: Odd session/redirect behavior

Mike Vogt-2
Aparajita,
Thanks for highlighting where to look. I checked the cache control (been a long time since I looked at these) and found:

The Response header has:
        Cache-Control:private, max-age=0, no-cache

The Request header has:
        Cache-Control:max-age=0


Doing a little googling returned way too much info, but the above seems to satisfy that no caching should occur.
Are there suggested specific entries for cache control for dynamic sites?

Thanks,
Mike
 

-----Original Message-----
From: Active4D-dev [mailto:[hidden email]] On Behalf Of Aparajita Fishman
Sent: Monday, July 18, 2016 3:12 PM
To: Active4D Developer Discussion List <[hidden email]>
Subject: Re: [Active4d-dev] Odd session/redirect behavior

Sounds like a browser caching issue. Make sure you are disabling browser caching with the suitable cache-control and expires response headers.

Many thanks,

  - Aparajita

> On Jul 18, 2016, at 8:47 AM, Mike Vogt <[hidden email]> wrote:
>
> Hi All,
> In a fusebox application, I have a script that runs at the 'top' of every circuit that detects if a session exists, if a session value is a match for the circuit, and if either case is not true, it calls abandon session, and redirects the user to a session timeout page.  What I've been able to reproduce is the following.  User logs in, then logs out (which also calls abandon session), then uses the back button and refreshes (F5) the page. What happens is that the user is redirected to the timeout page, but the code on the page displayed is executed again, though this time without session values.  According to the docs, a redirect is the last command within a flow of execution, but it would appear that the circuit continues and the page code is executed again.
>
> What am I missing?
>
> TIA,
> Mike Vogt
>
> The session timeout/user match script I run at the top of each circuit follows.
>
> if (session internal id # 0)
> If(get session("user_type") #"Substitute")
> abandon session
> redirect(fusebox.makeurl("WillsubError.SessionTimeOut "))
> end if
>
> else
> abandon session
> redirect(fusebox.makeurl("WillsubError.SessionTimeOut ")) end if
> _______________________________________________
> Active4D-dev mailing list
> [hidden email]
> http://list.aparajitaworld.com/listinfo/active4d-dev
> Archives: http://active4d-nabble.aparajitaworld.com/


_______________________________________________
Active4D-dev mailing list
[hidden email]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2016.0.7640 / Virus Database: 4627/12607 - Release Date: 07/13/16
_______________________________________________
Active4D-dev mailing list
[hidden email]
http://list.aparajitaworld.com/listinfo/active4d-dev
Archives: http://active4d-nabble.aparajitaworld.com/