0
votes

I am extending an application (Jasig CAS) built using Spring Webflow 2.4.1 and Spring 4.1.8. I have noticed that when I walk away for a while and come back, the flow will continue executing. It does not timeout.

I thought that after idle timeout, the flow will take user back to the starting point since the session is destroyed, the flow execution key would be lost and so are the variables stored in HTTP session. But, apparently that is not the case.

Can someone help me understand why the flow does not timeout? And, how did it get the flow execution key and flow variables after the HTTP session is destroyed?

Here is the log I see. Note that the flow is resuming and flow variables restored, that maybe why the flow can continue running.

2016-07-26 16:10:17,688 DEBUG [org.springframework.webflow.mvc.servlet.FlowHandlerMapping] - Mapping request with URI '/cas/login' to flow with id 'login'
2016-07-26 16:10:17,689 DEBUG [org.springframework.webflow.executor.FlowExecutorImpl] - Resuming flow execution with key 'c5317d47-5330-4189-971f-......(key omitted)
2016-07-26 16:10:17,710 DEBUG [org.springframework.webflow.definition.registry.FlowDefinitionRegistryImpl] - Getting FlowDefinition with id 'login'
2016-07-26 16:10:17,710 DEBUG [org.springframework.webflow.engine.impl.FlowExecutionImpl] - Resuming in org.springframework.webflow.mvc.servlet.MvcExternalContext@61b71149
2016-07-26 16:10:17,710 DEBUG [org.springframework.webflow.engine.Flow] - Restoring [FlowVariable@1a5e084e name = 'credential', valueFactory = [BeanFactoryVariableValueFactory@13734668 type = UsernamePasswordCredential]]
2016-07-26 16:10:17,711 DEBUG [org.springframework.webflow.engine.Flow] - Restoring [FlowVariable@4cae64b7 name = 'changePassword', valueFactory = [BeanFactoryVariableValueFactory@4d5651b5 type = ChangePasswordCredential]]
2016-07-26 16:10:17,711 DEBUG [org.springframework.webflow.engine.Flow] - Restoring [FlowVariable@fe3958d name = 'changeEmail', valueFactory = [BeanFactoryVariableValueFactory@266f6421 type = ChangeEmailAddress]]
2016-07-26 16:10:17,711 DEBUG [org.springframework.webflow.engine.Flow] - Restoring [FlowVariable@7c53be39 name = 'changeSecretQuestion', valueFactory = [BeanFactoryVariableValueFactory@5dedcff3 type = ChangeSecretQuestion]]
2016-07-26 16:10:17,712 DEBUG [org.springframework.webflow.mvc.view.AbstractMvcView] - Processing user event 'submit'
1

1 Answers

1
votes

Either your Session isn't actually destroyed or this Jasig CAS does something non-default in order to make Flows persist beyond the HTTP Session. The Spring Web Flow defaults do use the Session and will not be able to resume once the Session expires.