I have updated to 6.12 (without any pane, fantastic... I cannot believe
that it was so easy)
Thanks a lot now it works
Cheers
Dirk
Am 16.11.2013 14:05, schrieb Francois Meillet:
> Update to the 6.12 version or follow Ernesto's advice or write your own
> HttpSessionStore.
>
> François Meillet
Update to the 6.12 version or follow Ernesto's advice or write your own
HttpSessionStore.
François Meillet
Formation Wicket - Développement Wicket
Le 16 nov. 2013 à 13:17, Dirk Wichmann a écrit :
> sorry, there is no methode onInvalidate() to overwrite??
>
> not in AuthenticatedWebSessio
sorry, there is no methode onInvalidate() to overwrite??
not in AuthenticatedWebSession or WebSession or in Session (I use Wicket
6.1)
Am 16.11.2013 12:47, schrieb Francois Meillet:
> In this case, override the onInvalidate() method in your custom session.
>
> from the api :
> onInvalidate is a
In this case, override the onInvalidate() method in your custom session.
from the api :
onInvalidate is a callback method that is executed when the user session is
invalidated
either by explicit call to {@link org.apache.wicket.Session#invalidate()}
or due to HttpSession expiration.
François M
Maybe bind sessionId with user ID when session is created? on a persistence
storage? So that you can recover user ID with the session Id
On Sat, Nov 16, 2013 at 12:19 PM, Dirk Wichmann wrote:
> Thanks, that works, but how can I get my WebSession Object??
> In there the user is stored and I need
Thanks, that works, but how can I get my WebSession Object??
In there the user is stored and I need the id of the user.
WebSession.get() does not work
Thanks in advance
Dirk
Am 16.11.2013 11:04, schrieb Francois Meillet:
> You can write a unboundListener and register it in your sessionStore.
> T
You can write a unboundListener and register it in your sessionStore.
This code should be in your application init()
getSessionStore().registerUnboundListener( new ISessionStore.UnboundListener() {
@Override
public void sessionUnbound(String sessionId) {
// logout t
Ok. I also have a logout page, call signout in the before-render, and then use
the exception thing to immediately forward to another page. Maybe actually
showing the logout page is the trick (better a page and autologin all the time).
What do you do on the logout page to force the logout?
Tom
Hi Tom,
we are using wicket auth and we can only logout if we use a dedicated
Signout page (with template) - if we only logout (and e.g. try to
forward right to the homepage with setResponsePage()) it doesn't work
and the user always stays logged in as you describe it.
We'd love to get rid of
wicket-auth-roles is actually an example of IAuthenticationStrategy
and IAuthorizationStrategy interfaces.
Most of the people that use it actually just see how it works and
copy/paste the related parts of it and later extend them with their
specific business logic.
afaik it uses "rememberMe" cooki
Ok. The actual problem I have is that wicket auth keeps logging in
automatically. This is a side effect of a.o. BASIC authentication (not sure if
that is used in this case, but the behavior is similar) which sends the login
credentials with every request, even if you have logged out in the mean
Hi Tom,
I agree with your vision.
But since Wicket is a framework around the Servlet API we call
HttpSession.invalidate(). This triggers some web container internal
workings and at some point Wicket is called back (see
javax.servlet.http.HttpSessionListener/HttpSessionBindingListener) and
Wicket c
Which means that upon logout, these values should be removed / cleared. A
session does not represent a user, it is a construct to bind request, no more
no less. All other usages are bolted on and should be bolted off. You don't
tear down the house, just because you are moving.
Tom
On 2012-06-
But Wicket also stores the page map in the session to support back
button functionality. If you only change the status, than the user
could possibly (depending on how you construct your page) go back
after the logout and see the last pages.
This could be a problem on public computers.
You could a
On 2012-06-22 16:57, Tom Eugelink wrote:
Anyhow, I've added Wicket Auth/Roles
(http://wicket.apache.org/learn/projects/authroles.html) as the security
framework and it is working fine except one thing; logging out.
I've found that the login / logout logic is invalidating the session. During a
If that bookmarkable uri is a stateless page, will that prevent a new
session from being established? (Assuming the default session store is in
use)
On Dec 3, 2010 10:14 PM, "Igor Vaynberg" wrote:
> it is a good idea to always redirect to a bookmarkable url after
> invalidating your session.
>
> -
maybe i misunderstood, but wouldn't removing the page from the page map be
sufficient? we do this for our confirmation pages that show sensitive data
(like temporary passwords).
--
View this message in context:
http://apache-wicket.1842946.n4.nabble.com/Logout-Session-destroy-on-the-last-sta
Isn't this what will happen next time he tried to "visit" any page on
the server?
Ernesto
On Sat, Dec 4, 2010 at 5:13 AM, Igor Vaynberg wrote:
> it is a good idea to always redirect to a bookmarkable url after
> invalidating your session.
>
> -igor
>
> On Thu, Dec 2, 2010 at 2:08 AM, Ernesto Rei
it is a good idea to always redirect to a bookmarkable url after
invalidating your session.
-igor
On Thu, Dec 2, 2010 at 2:08 AM, Ernesto Reinaldo Barreiro
wrote:
> e.g. you could:
>
> 1-Place and AbstractDefaultAjaxBehavior on you page (e.g. to some div
> on your page). Use urlFor to generate t
e.g. you could:
1-Place and AbstractDefaultAjaxBehavior on you page (e.g. to some div
on your page). Use urlFor to generate the URL to this behavior. On
respond(AjaxRequestTarget target) {
Invalidate your session.
}
2-Make your page implement IHeaderContributor and on
public void renderHea
Hi Matt,
I see. Then maybe adding some "onDomReady" javascript to
ConfirmationPage that simply goes back to the server and invalidates
the session? Probably this can't use wicket AJAX machinery: because
that will probably will also trigger a redirect.
Regards,
Ernesto
On Thu, Dec 2, 2010 at 10:
Hi Ernesto
No that's not possible because the ConfirmationPage is *stateful* and
contains lots of information from the session/page state, so it must be
allowed to display the pre-rendered page once but after that request,
the session must be invalidated.
Thanks
Matt
On 2010-12-02 10:34, E
Matt,
Can't you just do some kind of trick so that your ConfirmationPage is
served as the home page? So that you invalidate the session but at
getHomePage() you temporarily return your ConfirmationPage?
Regards,
Ernesto
On Thu, Dec 2, 2010 at 10:06 AM, Matthias Keller
wrote:
> Hi Randy
>
> Yes
Hi Randy
Yes it appears to have something to do with that. Our app uses the
REDIRECT_BUFFER by default (we never actively configured this though)
which appears to be a sensible option for normal operation. I'm not very
familiar with the render strategies but you appear to be right: The page
i
Does the redirect to the home page happen because of Wicket's default render
strategy (REDIRECT_TO_BUFFER) that causes two requests? You invalidate
session on the first which redirects to the buffered response. When the
second request comes in expecting to get the already-rendered response, you
ge
Hi!
I am curious too. For this reason we had to build our logoutpage so
that it invalidtes session logically but not in httpsession sense.
Only clicking something from login page will do that.
But it's a hack, I would like to know what's the proper way ;)
**
Martin
2010/12/1 Matthias Keller
hhehe, using back browser in this case will just yield a page expired
page, if you set it up you can tell it to show a login page instead...
You might want to look into the simpleautorisation strategi here.
tbt wrote:
well it is the browser button that i'm concerned about :)
I want it to be so
well it is the browser button that i'm concerned about :)
I want it to be something like a mail account where once you logout you
can't use the back button in the browser to navigate inside the
application(eg: yahoo mail).
Nino.Martinez wrote:
>
> session.invalidate() and use setResponsePage t
session.invalidate() and use setResponsePage to navigate to where you
want when pressing back button (Thinking its not the browser button?)
-Nino
tbt wrote:
Hi
I'm a newbie to wicket and i'm currently using a Session to log users into
my application. When the users click a logout button a new
29 matches
Mail list logo
