Hi,
The intercept data should be cleaned at
org.apache.wicket.RestartResponseAtInterceptPageException, line 211 -
InterceptData.clear();
Put a breakpoint there and see what happens.
On Wed, Feb 8, 2012 at 7:55 PM, Evan Sable <e...@novelution.com> wrote:
> Hi,
>
>
>
> I'm using wicket 1.5-SNAPSHOT along with Shiro for
> authentication/authorization security, and when an unauthorized user tries
> to go to a page, Shiro calls redirectToInterceptPage behind the scenes, and
> during the login process, after a successful login, there is code that says:
>
> if (!continueToOriginalDestination()) {
>
> setResponsePage(getApplication().getHomePage());
>
> }
>
>
>
> It is working in the sense that if a user gets redirected to login, they are
> taken to the correct destination afterwards, and if a user just clicks the
> login link in a new browser they are redirected to the homepage after login.
>
>
>
> BUT, the problem is, if an initial user tries to go to a protected page,
> gets redirected to the login, logs in, and then logs out, and then, without
> closing the browser, clicks the login link and logs in with the same user
> again or even another user, it still redirects to the prior "original"
> destination, which should no longer take effect. I would think that this
> should be forgotten upon logging out, which replaces the wicket session
> with:
>
> Session session = Session.get();
>
> session.replaceSession();
>
>
>
> I think I must be misunderstanding how continueToOriginalDestination is
> working - I thought it was placing the original destination url into the
> users session, which is why I figured that after the login which redirects,
> followed by the logout which replaces the session, it would be gone.
>
>
>
> Can someone please explain what I'm thinking about wrongly here and why the
> destination is being retained across multiple logins. Also, how can I avoid
> this so that the original destination is only used the first time? Btw,
> just to be clear, if I logout and then click to a new protected url, the
> "original destination" value is properly replaced with the new protected
> destination which redirects back to the intercept page. The problem is only
> if I click directly to the login page without a new intercept, but after
> having previously utilized the continueToOriginalDestination in the prior
> login.
>
> Thanks very much for any help!
>
> -Evan
>
--
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
