Christian Beikov created EXTCDI-299:
---------------------------------------
Summary: Session Cookie Configuration with Secure on non secure
URL results in forever redirect loop
Key: EXTCDI-299
URL: https://issues.apache.org/jira/browse/EXTCDI-299
Project: MyFaces CODI
Issue Type: Bug
Components: JEE-JSF20-Module
Affects Versions: 1.0.5
Environment: Windows 7, JBoss AS 7.1.0.Final
Reporter: Christian Beikov
This occurs, because the session cookie of the webapp is configured to be
secure, but if you don't access the application via https you get redirected
forever.
The reason for that is of course, that no session is available at the server
side when the redirected request arrives at the server side.
The only solution to that is, to supply a specialized
WindowContextConfig#isUrlParameterSupported that returns false, but that
results in ViewExpiredException on Postback.
In my opinion CODI should somehow forward to an error page or so when this kind
of configuration happens or don't redirect to use window ids at all.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
