Method to invalidate Session after stateful Operations eg Panel Replacement
---------------------------------------------------------------------------
Key: WICKET-3285
URL: https://issues.apache.org/jira/browse/WICKET-3285
Project: Wicket
Issue Type: Improvement
Components: wicket
Affects Versions: 1.4.13
Environment: All
Reporter: bernard
We need to invalidate the web session after a panel of the current page is
replaced.
The use case is user registration where after completion, it must be avoided
that the session on the same client computer can accidentally be used by
someone else.
All my attempts are failing because webSession.invalidate() or even
webSession.replaceSession(); have an influence on the current request/response.
Typically, one would just show a new page, e.g.
Session.invalidate();
setResponsePage(...);
but I don't have this option because I am using panel replacement that depends
on the session.
I have tried the folowing but it doesn't seem to work:
replacedPanel.getPage().add(new AbstractBehavior(){
private boolean lastTime = false;
@Override
public void detach(Component component) {
super.detach(component);
WebRequestCycle requestCycle = (WebRequestCycle) RequestCycle.get();
WebRequest webRequest = (WebRequest) requestCycle.getRequest();
HttpServletRequest httpServletRequest =
webRequest.getHttpServletRequest();
httpServletRequest.getSession().setMaxInactiveInterval(10);
}
});
replacedPanel.replaceWith(newPanel);
Is it possible that the Wicket framework provides a safe method to invalidate
the session
after all work is completed, including redirect after post, preferably without
having to use JavaScript/AJAX hacks?
It would make sense to me that a framework that depends on sessions so heavily,
provides developers with a method to
avoid errors in this use case.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
