Is it possible to prevent user from opening JSF page in more than one browser tab or window?
views:
52answers:
2
+1
A:
@BalusC The problem concerns old JSF application that is entirely stateful. Why try to figure out some way to inform users that openning the app in two separate tabs is potentially dangerous. In no way can we change session managed beans to request managed beans.
Make all those beans request scoped, install Tomahawk, add <t:saveState value="#{bean}" /> for every bean to every view of which you'd like to retain exactly the same bean state in the subsequent request. This works independently across tabs/windows.
Without Tomahawk, the alternative would be adding <h:inputHidden /> for every bean property which you'd like to retain in the subsequent request. I can however imagine that this may produce nasty boilerplate code when there are much or when they aren't of the standard EL types (for which you have thus to create a Converter). But that's what you get paid for.
BalusC
2010-10-15 12:27:33
or use SEAM. =) http://seamframework.org/
bungrudi
2010-10-15 12:31:41
I wouldn't integrate Seam in an existing JSF app.
BalusC
2010-10-15 12:33:08
That's a very helpful piece of advice but we've decided on creating simple cookie based check if page is opened in only one page and we show an appropriate warning in case second tab has been opened.
mgamer
2010-10-15 13:50:16
I wish you much luck maintaining the cookie whenever enduser presses F5 on page or submits a form on the page. Be prepared...
BalusC
2010-10-15 13:51:02
When page loads I check if cookie is present. If it is I notify the user that he's got another tab opened. If the cookie is not present it is created. The cookie is removed on window onLoad. So there's no problem concerning submitting a form or refreshing a page. Cookie is handled just by javascript and alert is raised only when cookie is present. Do you see any problem with that approach?
mgamer
2010-10-15 14:32:20
If the cookie is removed during onload, user will still be able to open a new tab/window.
BalusC
2010-10-15 14:36:29
Yes, he will be able to open a new tab because (as onload suggests) he has just closed the old one. Onload is raised also on page refresh or form submit which is ok for me since after refresh/submit the cookie is recreated. There's a remote possiblity that during the short interval when cookie is not-existent the user successfuly opens a new tab. In such case the alert window would be shown in the first tab. So the basic requirement that work can be performed in just one tab is satisfied.
mgamer
2010-10-15 14:46:32
No, onload is fired during page load. There's also onunload, you probably meant that, but that won't work in certain browsers/circumstances due to limitations in what a browser can do during onunload and how exactly the page is been unloaded. You don't want to be dependent on that.
BalusC
2010-10-15 14:56:15
I ment onunload of course, sorry for the mistake. I need to dig deeper into the limitations you've mentioned. Thx.
mgamer
2010-10-15 14:57:50
BalusC, I've check several browsers including IE6 and can see no problem whatsoever with removing a cookie during unload.
mgamer
2010-10-18 08:02:45
A:
One scenario I have in mind: Put a javascript component in the page that will constantly sending heartbeat to the server via AJAX. As long as there are heartbeat sent from browser, this page will be flagged as 'currently_viewing'. And as long as a page have that flag on, other requests to that page should be rejected.
The detail may be a lot messier than this simple story (e.g. you might need to have some sort of 'page id' to be sent with the heartbeat), but you get the idea (... i hope :).
Everything is possible as long as you are willing to pay the price.
bungrudi
2010-10-15 12:27:47