Dirk Forchel created WICKET-5140:
------------------------------------
Summary: InterceptData never gets cleared from session after
continueToOriginalDestination is called and another page is requested afterwards
Key: WICKET-5140
URL: https://issues.apache.org/jira/browse/WICKET-5140
Project: Wicket
Issue Type: Bug
Components: wicket
Affects Versions: 1.5.10
Reporter: Dirk Forchel
Priority: Critical
We have the same problem as earlier described by Chris in WICKET-4500:
"The above fix is great but we've run into another problem. If an admin user
attempts to go to a restricted page and gets redirected via a
RedirectToInterceptException but then decides not to log on but then goes to
the normal home page authentication and then successfully logs on as a standard
user that authentication will redirect to where the admin initially wanted to
go to - because they never authenticated as admin continueToOriginalDestination
was never called and so Wicket still thinks that when
continueToOriginalDestination is called after the standard user's
authentication that it needs to redirect to the original admin page... fun!
Would it be possible to introduce an explicit 'clearRedirect' method so that
when the home page does a RestartResponseException to redirect to the standard
user authentication page it can, at the same time, do a 'clearRedirect' so that
a subsequent call to continueToOriginalDestination does not attempt to go to
the admin page.
I can't remove the continueToOriginalDestination from the standard user
authentication page because it is still required to perform a continue when it
was reached by a RedirectToIntercepException from restricted pages other than
the home page. "
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
