What is the expected behaviour of the default home page?

5
* REVISED QUESTION * What is the expected behaviour of the default home page? In 2.4.x (when it was the 'Home' property on the Navigation) it was executed every time a user logged on, and if they logged out & logged back in it was executed again. However in 2.5 it only appears to be executed the first time a user logs in during a browser session, unless the login screen is refreshed. This leads to inconsistent behaviour in the application. I was expecting the default home page to behave in the same way as 2.4.x - i.e. that the default would always be applied unless there was an alternative home page for the user role of the user logging in. I have noticed the following happening: When I login & logout agaon the user name & password are still displayed on the login screen - I have now raised this as a bug. If I log out & overwrite the username & password & login as a new user then the default home page microflow is re-executed - but ONLY if the new user has a different user role to the previous user. If I log out & log in again as a different user with the same user role as the previous user then the default home page microflow does not get re-executed. At least this is what appears to be happening if I put break points on the various microflows concerned. Can someone confirm if this is the way it should work, or is there a bug? If this is how the default home page is intended to work then how can I get a microflow to execute every time a user logs in? It is an absolute requirement for most production applications to have the facility to execute the equivalent of a user profile every time an individual user logs in to the system. Thanks. ORIGINAL QUESTION I have an application which has a microflow set as the default home page. When I log in the microflow is executed. If I log out and then log straight back in again as the same user, the microflow does not get executed again. Is this the correct behaviour? I'm currently running the application in development, using localhost, but how would this be handled in a production application on a separate web server? I need the microflow to execute on each login as I use it to test if the password has expired to and force it to be reset after 3 grace logins. Thanks. UPDATE * Re. comment below - this is running in 2.5 - it works as expected in 2.4.6 & prior versions. UPDATE 2 * I've now set some breakpoints on the relevant microflows and this is what appears to be happening: The default home page is a microflow: StartUp.UserLogin_CheckPasswordExpired. There are no alternative home pages. The home page microflow checks if the users password has expired and either prompts the user to change it or calls another microflow: StartUp.UserLogin_LoadHomePage. When I first login the microflows are executed correctly. The console log shows the 'Login OK: user 'xyz' message, followed by the microflow log messages (when breakpoints are enabled). When I log out the login form is redisplayed with the user id & password still showing (possibly a cacheing issue). When I log back in using the same user id and password the console again shows the 'Login OK: user 'xyz' message, but this time the default home page microflow does not get executed. This could potentially be a significant security issue for some clients on 2 counts: Firstly when a user logs out their log in details remain on the screen, and secondly when they log back in again the password checks are not performed. UPDATE 3 * Further info - my browser does not have the username/password saved. I'm running Firefox 3.6.3. The Mendix server does not appear in the list of saved passwords & I have the 'Remember passwords' option unchecked. In Mendix 2.4.6 the home page microflow was executed after every logon - this behaviour appears to have now been changed. Is there any other way to acieve this? The after startup event also appears to have been removed in this version - or has it been moved somewhere? Thanks. UPDATE 27/04/2010 * I have been working a bit more on my application & have noticed the following characteristics of the login process. When I login & logout agaon the user name & password are still displayed on the login screen - I have now raised this as a bug. If I log out & overwrite the username & password & login as a new user then the default home page microflow is re-executed - but ONLY if the new user has a different user role to the previous user. If I log out & log in again as a different user with the same user role as the previous user then the default home page microflow does not get re-executed. At least this is what appears to be happening if I put break points on the various microflows concerned. Can someone confirm if this is the way it should work, or is there a bug? In previous versions of Mendix the home page microflow was always re-executed every time a user logged in, even if they had already logged in & logged out in the same session. If this is not how the default home page is intended to work then how can I achieve what I am trying to do? It is an absolute requirement for most production applications to have the facility to execute the equivalent of a user profile every time an individual user logs in to the system. Thanks.
asked
3 answers
3

Hi Andrew,

You did a correct analysis, I will react on your points below:

When I login & logout agaon the user name & password are still displayed on the login screen - I have now raised this as a bug.

Will be solved in 2.5.0-rc1

If I log out & overwrite the username & password & login as a new user then the default home page microflow is re-executed - but ONLY if the new user has a different user role to the previous user.

If I log out & log in again as a different user with the same user role as the previous user then the default home page microflow does not get re-executed.

This behaviour is due to the anonymous user feature we now provide in 2.5. This is a beta feature, so we're happy to receive your feedback!

We make a distinction between the 'normal' login page (login.html) and the inner login screen. If you navigate to index.html and anonymous users are enabled you will directly see the client. Once you click a button with a microflow for which you need more rights the inner login screen will be served. If logged in, you can continue in the same form (we do a reload of your security rights, but we don't trigger the startup microflow again because you want to stay on the same page).

If you hit 'logout' you will be redirected to the login screen. Which one depends on were you did come from. We save your origing (index.html or login.html) in the cookie. You can test this behaviour by removing the cookie from your browser en surfing to index.html or login.html, logon and logout.

If you use the login.html form the behaviour should be the same as in 2.4. So, you can solve your problem by using login.html. When you deploy your application on a server you should make sure to redirect the root url to login.html instead of index.html (if anonymous users are disabled).

We're still testing this behaviour. If you have any feedback or ideas to improve this behaviour, please let us know!

answered
1

This sounds like a browser caching issue to me

answered
1

What do you mean exactly by:

When I log out the login form is redisplayed with the user id & password still showing

? The only way in which you should see this is if your browser saved the username/password for you, otherwise you should always have a blank login form.

As for the Microflow not being executed, the way it works now is that it's the default home page, meaning that whenever you login (and thus didn't have a previous location that you wanted to surf to) you get redirected to the homepage, ie microflow. It was never meant as an "after login" action.

answered