Hi, The intercept data should be cleaned at org.apache.wicket.RestartResponseAtInterceptPageException, line 211 - InterceptData.clear(); Put a breakpoint there and see what happens.
On Wed, Feb 8, 2012 at 7:55 PM, Evan Sable <e...@novelution.com> wrote: > Hi, > > > > I'm using wicket 1.5-SNAPSHOT along with Shiro for > authentication/authorization security, and when an unauthorized user tries > to go to a page, Shiro calls redirectToInterceptPage behind the scenes, and > during the login process, after a successful login, there is code that says: > > if (!continueToOriginalDestination()) { > > setResponsePage(getApplication().getHomePage()); > > } > > > > It is working in the sense that if a user gets redirected to login, they are > taken to the correct destination afterwards, and if a user just clicks the > login link in a new browser they are redirected to the homepage after login. > > > > BUT, the problem is, if an initial user tries to go to a protected page, > gets redirected to the login, logs in, and then logs out, and then, without > closing the browser, clicks the login link and logs in with the same user > again or even another user, it still redirects to the prior "original" > destination, which should no longer take effect. I would think that this > should be forgotten upon logging out, which replaces the wicket session > with: > > Session session = Session.get(); > > session.replaceSession(); > > > > I think I must be misunderstanding how continueToOriginalDestination is > working - I thought it was placing the original destination url into the > users session, which is why I figured that after the login which redirects, > followed by the logout which replaces the session, it would be gone. > > > > Can someone please explain what I'm thinking about wrongly here and why the > destination is being retained across multiple logins. Also, how can I avoid > this so that the original destination is only used the first time? Btw, > just to be clear, if I logout and then click to a new protected url, the > "original destination" value is properly replaced with the new protected > destination which redirects back to the intercept page. The problem is only > if I click directly to the login page without a new intercept, but after > having previously utilized the continueToOriginalDestination in the prior > login. > > Thanks very much for any help! > > -Evan > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org