Reputation: 1289
Vaadin and Tomcat7 Problems log in
I am having a problem with logging in in my application using Vaadin and Tomcat 7.
The problem is like this: If it is the first time I run the application on my server, I log in, I do what I have to do and close the browser. Now if a friend logs in on the application from his computer, he is automatically logged in with my account.
How can I resolve this issue, is it a tomcat issue where it keeps the session open or something, or I have to make some configurations in vaadin?
EDIT: Let me explain it a bit better. In my main clas where vaadin is initiatied with first window (extends Application) i have a static final USER. If i make the user=null in init(). Every time a person acceses the application, it will ask him for his username and password, so it works. But even if he refreshes the website it will ask him to put the password and username again. How can I make it to remember that specific person using cookies and http responses?
I am very new to this so any help is apreciated
Upvotes: 1
Views: 471
Answers (3)
Reputation: 61
Vaadin tracks user sessions with cookies and I have hard time believing that it could confuse sessions.
I'm a bit worried that you mention "in my main class I have a static final". Static members should not be used carelessly, as they will be shared between all users (and there will be thread safety problems). If you're using a static variable to store who's logged in, it's possible that then all users are logged in as one...
As you mentioned the Application class, you are apparently using Vaadin 6. See https://vaadin.com/book/vaadin6/-/page/advanced.httpservletrequestlistener.html for info about using cookies to automatically log in a user. That's probably not your problem in this case though.
Upvotes: 2
Reputation: 1068
I think you need to remove the static final from your USER object. Anything static final can only be created once ever for the entire application. You need it to be an instance variable.
e.g.
private User USER = null;
and not
private static final User USER = null;
Upvotes: 2
Reputation: 4754
Look at this:
https://vaadin.com/de/book/vaadin7/-/page/application.lifecycle.html
Basically you must distinguish these two things:
User hits F5/Refresh The default is, that it is presented with a new application session
You can disable this behaviour as described in "Preserving UI on Refresh" You just annotate your main UI class with @PreserveOnRefreshThe "sideeffect" of this is the following:
- You are in your application
- Now you just close the browser (or tab)
- You open again the browser/tab
- Unless your http session has expired in meantime, Vaadin shows you the last screen, just is if you have not been away at all.
You http session expired or you had destroyed the http and/or vaadin session
Vaadin then shows you just the start screen of your application. If you wish to have the login form prefilled with some values, you have to store them in a http cookie and fill in the values from there
André
Upvotes: 1
Related Questions
- VaadinCDIServlet Cookies.get(request, Constans)
- Tomcat 7 is ignoring cookies?
- Vaadin 7.1 + Spring-Security Integration running in Tomcat Server
- Sessions handling in Vaadin
- Vaadin 7 example showing "Cookies Disabled" message when deployed to tomcat 7
- How do i disable HttpOnly cookies in Vaadin?
- HttpOnly cookies on Tomcat 5.5.36
- Vaadin web application on tomcat creates only one instance of webapp for all users
- Vaadin Java with Apache Tomcat
- How to use tomcat authentication with cookies enabled?