  • RememberMe, Ajax and logging.

    I have a system where I want to register whenever a user successfully logs into my application. I want to include the times when a user gets authenticated through 'remember me' functionality (when he logs in after a timeout), and I achieve this by having an ApplicationListener filter out any AuthenticationSuccessEvents. My problem occurs when a user, after having timed out, directly enters a page which includes several ajax requests. The system doesn't have time to authenticate the first call before the next request is sent, so all (or most of) the calls get authenticated and logged as separate entries.

    It seems to me that this could (hopefully) be a common problem with 'remember me' and ajax and hoped that there was a fairly easy way of fixing it, but I can't find any good information on the issue.
    One possible solution could perhaps be to synchronize the code where log entries get written to the database and make sure no other entries were written in the last few seconds before entering a new one. I don't like this solution though, as I think it would scale poorly.

    I am currently using acegi-security version 1.0.4, but plan to upgrade to spring-security 2.x some time in the future.

    Help and suggestions are greatly appreciated.
    Thanks in advance.


  • #2
    Try to restrict the client to sending sequential requests; for example, in RichFaces it can be done via the
    <a4j:status layout="block"  for="mainRegion"
    element. Or use the XMLHttpRequest object and block the page until the client gets a response.


    • #3
      Thanks a lot for your suggestions, Andrei.
      Turns out, however, that I made a mistake assuming it was the ajax functions which caused the problem.
      The reason was that the JavaScript, images and stylesheets were all protected by acegi as well.
      After adding /js/**=#NONE# to the filterChainProxy everything works much more smoothly.
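
The fix described in the last post, shown in context as an added example (not the poster's actual configuration). The bean names in the filter list and the /css and /images paths are assumptions; only /js/**=#NONE# comes from the thread.

```xml
<!-- Added example for Acegi Security 1.0.x. Filter bean names and the
     /css/** and /images/** patterns are assumed, not taken from the thread. -->
<!-- Patterns are evaluated top to bottom and the first match wins, so the
     #NONE# entries must appear before the catch-all /** entry. -->
<!-- #NONE# means no security filter runs for the request: no remember-me
     authentication is attempted, so no AuthenticationSuccessEvent is
     published for static resources. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /js/**=#NONE#
      /css/**=#NONE#
      /images/**=#NONE#
      /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,rememberMeProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
    </value>
  </property>
</bean>
```

Everything under a #NONE# pattern is served with no authentication or authorization check, so keep those patterns limited to directories that hold only public static files.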