Hi all,
I have a created a simple authorizationstrategy, SimplePageAuthorizationStrategy authorizationStrategy = new SimplePageAuthorizationStrategy( OnlineVacationAvailabilityPage.class, VacationAlreadyRegisteredPage.class) { protected boolean isAuthorized() { return (((VacationApplicationSession)Session.get()).getBookingInformation() == null); } }; getSecuritySettings().setAuthorizationStrategy(authorizationStrategy); I want the user to visit the OnlineVacationAvailabiltyPage only when he's authorized (= there's no bookingInformation in the session). When a execute the following scenario (it's a bit of a reverse login scenario, but it should work ;-) : (first visit) *user enters the OnlineVacationAvailabiltyPage -> isAuthorized returns true because there is no booking information in the session (= OK) *users enters information and submits page -> program creates a bookingInformation object in the session (= OK) *users clicks back button of the browser -> isAuthorized returns false because there is a booking information available in the session, the user is redirected to the VacationAlreadyRegisteredPage (= OK) The above works as it should, but the following scenario doesn't (first visit) *user enters the OnlineVacationAvailabiltyPage -> isAuthorized returns true because there is no booking information in the session (= OK) *users enters informations and submits page -> there is a validation error in the onSubmit action, error(message) is called and the user returns to the OnlineVactionAvailabiltyPage (but now it's not a stateless page anymore because there is an error message shown to the user) (=OK) *users enters correct information and submits page -> program creates a bookingInformation object in the session (=OK) *users clicks back button of the browser -> the isAhtorized method isn't called anymore and the user returns to the OnlineAvailibiltyPage ( NOT OK !!!!) I thinks this happens because after the error occurred my page isn't stateless anymore L Any ideas how to solve this ? Regards, Joeri