Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Enabling session expired notification prevents seamless logout button

See original GitHub issue

Enabling the session-expired notification via CustomizedSystemMessages.setSessionExpiredNotificationEnabled(true) prevents me from having a seamless logout button since the “Session Expired” message flashes briefly when logging out.

The logout button is implemented as usual:

        Button button = new Button("Logout",
                e -> {
                    UI.getCurrent().getPage().setLocation("/");
                    VaadinSession.getCurrent().close();
                    VaadinSession.getCurrent().getSession().invalidate();
                } );

Expected behavior

Pressing the button should reload the page without showing the “session expired” notification.

Actual behavior

Pressing the button will briefly show a red “session-expired” notification then reloads the page.

Workarounds

Using UI.getCurrent().getPage().open("/", "_self"); instead of setLocation() as suggested at https://github.com/vaadin/framework/issues/4255 doesn’t help - the “session expired” notification still flashes.
Disable the session expired notification.

Versions:

- Vaadin / Flow version: 14.4.4 / 2.4.3
- Java version: 11

Issue Analytics

State:
Created 3 years ago
Comments:5 (5 by maintainers)

Top GitHub Comments

1reaction

denis-anisimovcommented, Mar 24, 2021

This is a mixture of various issues so I would like to have here a resume of the problem:

this issue is fixed by #10390
there is a similar ticket #9705 which is quite close to this ticket except the LogoutView doesn’t use CustomizedSystemMessages
There is another very similar test SessionCloseLogoutIT which is initially broken and this fact allows it to pass in the branches where it’s enabled (see #10389: it enables the test in the master ).

Details are here:

LogoutView from #9705 doesn’t use any system messages which means that the client side uses WidgetUtil.redirect(url) logic on session expired.
This ticket uses CustomizedSystemMessages which enables another branch of the client side logic : it shows an error message instead of redirect .

That’s why the behavior in the #9705 is different and randomly fails.

The MessageHandler (on the client side , flow-client) checks first whether there is session expired message and then it flushes all the command via Reactive.flush().

As a result : there is no any reasons to execute “session expired” logic before other commands but in fact it’s better to execute session expired after since there can be commands which should “cancel” (or hide the effect of) session expired execution.

There is a SessionCloseLogoutIT which failed after changes in #10390 (that was the reason why the fix has been reverted). If fails because of totally different reasons. The test as initially broken because of https://github.com/vaadin/flow/issues/8177. The latter ticket is exactly about this usecase: Long Polling Push + redirect.

SessionCloseLogoutView has no CustomizedSystemMessages which means that WidgetUtil.redirect(url) branch is used. And this execution is cancelled because of the #8177 bug. Then JS execution is handled properly. So SessionCloseLogoutIT works because it’s buggy. When #10390 is applied the window.location.href= is cancelled instead of WidgetUtil.redirect(url) and this is exactly the #8177. So SessionCloseLogoutIT should not use window.location.href= but it should use setLocation instead (which terminates the UI). This is fixed here : https://github.com/vaadin/flow/pull/10389