Hello Wicket folx. First and foremost I want to commend you on an excellent job putting together a truly impressive best-in-class framework.
I'm in the process of evaluating Wicket for a large-scale ajax-heavy enterprise application. I've got a business requirement that session invalidation must not be a disruptive event (no "expired session" warning or anything similar). Some of the most obvious options: 1. Get rid of session requirements all together by using client-side models instead of server side models so we don't have the session invalidation issue. This seems to be in line with "The next version of Wicket will support client-side models for zero-state scalability" line item on the features page. After searching the list archives I've not seen much traction on this front. Are there any potential designs being considered or other resources I could use to educate myself? 2. Extend WebRequestCycle.onRuntimeException() to redirect the browser back to the target page instead of the "expired session" error page. This approach has the drawback that the model will be reset which will cause the page to revert to default values. Ultimately, initializing the page using values from a cookie or some other stateful store that is not tied to the user's session would be ideal, if possible. 3. Use an external store instead of the J2EE session (like a RDBMS) with a data-retention policy so high the chance of a ajax request being issued against a page which has expired is practically nil. We'd also probably need to implement our own encoder to ensure the session id is placed on every link to survive J2EE session invalidation. We are most-interested in contributing any substantial work back to the community so pointers to style guidelines or other contribution-centric resources are greatly appreciated. Thank you very much. -- Hawk Newton Enterprise Architect Cobalt Group, Inc.
