Re: [Wicket-user] Issue with redirection to intro page after logout

[Igor Vaynberg]

its even better not to have a wicket page at all

a simple loginl.html with

<form action="/some/mounted/page" method="post">
<input name="uname"/><input name="pwd"/><input type="submit"/>
</form>

then you just mount a page that processes the submitted values and throws a
restartresponseexception to some other page.

now as users hammer your login page and stare at it for hours it is only
apache that suffers.

taking it to the next level baby!

-igor



On 4/19/07, Eelco Hillenius <[EMAIL PROTECTED]> wrote:

> A last question : what does precisely the session.invalidate stuff ?
> Indeed, in my application, when checking if the user is logged in, I
> just check whether an user is in the current session. As such, to
> "unlog" my user, I just need to do something like
> session.setUser(null). So I wonder what does precisely the invalidate
> (and as such whether I really need to do it or not). I checked on the
> API already and there is just :"Invalidates this session."

Invalidate 'unbinds' the session from the backing session store. In
practice, for default configurations, this means that the HttpSession
object that is maintained for the client is invalidated (see
HttpSession#invalidate) after the request is done, so that a client
starts with a clean slate.

Off topic, I think it's good practice to make your login page a
stateless page (using a stateless form), so that users can have that
page in front of them for hours and then sign in without even being
bothered with a session expiry exception. In fact, it's probably good
practice to have the whole part of the site where you don't require
users to log in implemented as stateless and/ or bookmarkable pages.
My 2c.

Eelco

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user