My assumption seems to be right, if I type:

/logout//

then DoLogout is called. When I call it again:

/logout//

then the home page is displayed, and of course no logout is executed, so Chrome or IE remembers that request to /logout// was redirected to / (home), so the web browser does it automatically by calling / (home).

When trying /logout/// again, at first logout is called but in any next attempt it does what I described.

By on 9/15/2017 8:17 AM ()

Yes, that is the behavior of RedirectPermanent (HTTP status 301) as implemented by the browser: it remembers the URL and doesn't query it again, instead it directly requests the target endpoint. For your purpose, you need to use RedirectTemporary (HTTP status 307) instead.

Note though that since you've used RedirectPermanent before, your browser will still remember this URL as being a permanent redirect, and it will continue not requesting it. You will need to empty your browser cache once to see the correct behavior, ie /logout requested every time.

By on 9/15/2017 8:23 AM ()

In Chrome, I opened developer tools and on Application tab I clicked on Clear site data.

Fine, cookies were deleted and my website reflected correct state, login menu item is displayed.

I login, and try to logout, but no success. I have changed:

1
2
3
4
5
let DoLogout (context : Context<EndPoint>) = async {
    do! context.UserSession.Logout()

    return! Content.RedirectTemporary EndPoint.Home
}

In Edge all works fine, but not in Chrome or IE.

What am I doing wrong, actually in sample code you have got here on github you use:

https://github.com/intellifactory/websharper/blob/master/tests/WebSharper.Sitelets.Tests/SampleSite.fs

the same what I have got.

By on 9/15/2017 8:49 AM ()

Update, I have just tested IE again, and Content.RedirectTemporary EndPoint.Home works fine, so the Chrome is the only problem.

By on 9/15/2017 8:54 AM ()

As in the sample link above, you could use a "salt" on endpoints that can operate in different contexts (such as when a user is logged in or out):

1
2
let private RandomizeUrl url =
    url + "?d=" + System.Uri.EscapeUriString (System.DateTime.Now.ToString())

This way the browser won't/can't cache them and you will get the right content each time the resource is requested.

By on 9/15/2017 10:06 AM ()

With RedirectTemporary the "not called endpoint" issue is solved, but user session or cookies are not deleted in Chrome.

I tried another approach when redirect page is loaded after logout with

1
2
3
4
5
6
7
8
<meta http-equiv="refresh" content="0; url=${RedirectToUrl}" />

let DoLogout (context : Context<EndPoint>) = async {
    do! context.UserSession.Logout()

    //return! Content.RedirectTemporary EndPoint.Home
    return! Templating.RedirectToAction context EndPoint.Home
}

without any success.

So is that a chrome problem, or websharper one?

By on 9/15/2017 10:21 AM ()

WebSharper uses HTTP code 307 for temporary redirects (see the sitelet documentation page and the "Helpers" section.)

Now, it's my hunch that some browsers still interpret 307 as "cache the page redirected to", so unless you request the original page with a "salt" on the URL, you are up to the mercy of the given browser as to what it will display for you. Alternatively, you can also serve the page you are redirecting to with an explicit expiration to force the browser to re-request it the next time that page is requested directly or indirectly (via a redirect). So, this should solve any caching issues and could explain why your cookies are not order.

However, you didn't bring up getting a 404 before, so I suspect something else is up too. Can you post your code or a small snippet as a gist, that exhibits the problem you are referring to?

By on 9/15/2017 11:50 AM ()
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
let RedirectToBetPosition() =
    Content.RedirectTemporary EndPoint.BetPosition

let DoLogin (loginData : LoginData) (context : Context<EndPoint>) = async {
    let database = CashOutAllDatabase()

    let! aUser = database.GetUserByUserName(loginData.UserName)

    match aUser with
    | Some user -> 

        if user.Password = (SecurityServices.PasswordHashing loginData.Password)
        then
            do! context.UserSession.LoginUser(loginData.UserName, true)

            return! RedirectToBetPosition()
        else
            return! Templating.Login loginData (Some "The password is not valid!")

    | None -> return! Templating.Login loginData (Some "User name or password is not valid!")
}

DoLogin processes POST request, so when user is validated, I want to show BetPosition page, therefore:

RedirectToBetPosition()

Whould you consider to add redirection routines similar like asp.net do it?

So HTTP 302 code, and set Location to redirected url?

Why we need redirection on not SPA web page, because it is good to change url as well. In the above example, DoLogin is POST for /login url, so this Templating.Login loginData (Some "The password is not valid!") so url remains the same, different content is returned.

By on 9/15/2017 12:06 PM ()

Once again, why don't you add a salt to the /logout URL?

By on 9/15/2017 11:03 AM ()

Thanks, Adam. Of course, I will try, but first I want to understand this issue. I am more desktop developer than web developer, and when making my web site in asp.net mvc couple years ago, I had no such problems on logout page or with redirection to action. asp.net mvc RedirectToAction has alternative RedirectTemporary in websharper, right?

In my websharper web site I still need to redirect to another page depending on current state on a page, so I used RedirectPermanent, just because Intelisense offered that as the first method, not thinking about consequences, until I found out a problem on logout page, so I switched to RedirectTemporary for logout.

On the other hand I still have the necessity to Redirect, and when using RedirectTemporary I have got now HTTP Error 404.0 - Not Found when login, and redirecting to another page, with RedirectPermanent, I had no such problems, so my question what you use in such cases. My web site is not SPA.

By on 9/15/2017 11:26 AM ()

asp.net mvc uses for RedirectToAction

HTTP/1.1 302 Found Cache-Control: no-cache Pragma: no-cache Expires: -1 Location: /

Have we got something similar in websharper?

By on 9/15/2017 11:56 AM ()
IntelliFactory Offices Copyright (c) 2011-2012 IntelliFactory. All rights reserved.
Home | Products | Consulting | Trainings | Blogs | Jobs | Contact Us
Built with WebSharper