From d454bf66d960d23908f427f86b4979912c476ec1 Mon Sep 17 00:00:00 2001
From: Artur Signell <artur@vaadin.com>
Date: Tue, 26 Mar 2013 08:54:45 +0200
Subject: Show session expired instead of throwing exception (#4252)

Change-Id: Ic3ba079d91293fd804c3c95d6cc19fc6e3cf82cc
---
 server/src/com/vaadin/server/VaadinServlet.java | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'server/src/com/vaadin')

diff --git a/server/src/com/vaadin/server/VaadinServlet.java b/server/src/com/vaadin/server/VaadinServlet.java
index bd379f94bc..5780b2bbc9 100644
--- a/server/src/com/vaadin/server/VaadinServlet.java
+++ b/server/src/com/vaadin/server/VaadinServlet.java
@@ -633,7 +633,19 @@ public class VaadinServlet extends HttpServlet implements Constants {
             } else {
                 // 'plain' http req - e.g. browser reload;
                 // just go ahead redirect the browser
-                response.sendRedirect(ci.getSessionExpiredURL());
+                String sessionExpiredURL = ci.getSessionExpiredURL();
+                if (sessionExpiredURL != null) {
+                    response.sendRedirect(sessionExpiredURL);
+                } else {
+                    /*
+                     * Session expired as a result of a standard http request
+                     * and we have nowhere to redirect. Reloading would likely
+                     * cause an endless loop. This can at least happen if
+                     * refreshing a resource when the session has expired.
+                     */
+                    response.sendError(HttpServletResponse.SC_GONE,
+                            "Session expired");
+                }
             }
         } catch (SystemMessageException ee) {
             throw new ServletException(ee);
-- 
cgit v1.2.3