[
https://issues.apache.org/jira/browse/WICKET-2107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Igor Vaynberg updated WICKET-2107:
----------------------------------
Fix Version/s: 1.5-M1
we should always throw page-expiredexception and return a session-expired page
with a 404 for any url-parsing-related errors
> Misplaced IllegalStateExceptions when accessing stateful URL with different
> session
> -----------------------------------------------------------------------------------
>
> Key: WICKET-2107
> URL: https://issues.apache.org/jira/browse/WICKET-2107
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.5
> Reporter: Michael Sparer
> Fix For: 1.5-M1
>
>
> partly copied from the mailing list
> (http://www.nabble.com/exception-handling-for-session-dependent-URLs-to22037821.html):
> I recently came across a link to one of my projects where a user linked to a
> session dependent URL such as /?wicket:interface=:0::IBehaviorListener:2:3
> when clicking on that URL, a PageExpiredException gets thrown and a redirect
> to the SessionExpiredPage takes place. So far so good - that's the way it
> should be.
> However this works only for the first request (as long as the user doesn't
> have a session). If the user has a session and clicks on that link different
> exceptions might get thrown. with the URL mentioned above I've seen either a
> IllegalStateException (when it couldn't find a IBehaviorListener with the
> corresponding ID) or a ClassCastException (when it tried to cast a
> HeaderContributor to an IBehaviorListener in BehaviorRequestTarget).
> Apart from the ClassCastException, which definitely shouldn't occur, I don't
> think that IllegalStateExceptions should be thrown in (all of) those cases,
> as clicking on a session dependent link with a wrong session isn't a far
> fetched scenario.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
