I have tried just logging off the user and not invalidateing the session and it does work. I just wasn't sure if I was required to invalidate it when I called logoff(...).
> -----Original Message----- > From: Maurice Marrink [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 04, 2008 1:10 PM > To: [email protected] > Subject: Re: Wicket-Security How do you pass an error to the login page? > > > How about not invalidating the session but just log off the user. That > way you can use session.error(...) and still let the user know about > what happened as long as they make another request before the session > times out. > > There is only one extra thing you need to do, > Starting with version 1.3.0 wasp automatically invalidates the session > for you if you use session.logoff(....) > public boolean logoff(Object context) > { > if (securityStrategy != null && > securityStrategy.logoff(context)) > { > if (securityStrategy.isUserAuthenticated()) > dirty(); > else > invalidate(); > return true; > } > return false; > } > you can either choose to overwrite WaspSession.logoff or bypass the > session.logoff(...) and use strategy.logoff(...) directly. > > Maurice > > On Tue, Mar 4, 2008 at 7:15 PM, Warren <[EMAIL PROTECTED]> wrote: > > I have a use case that says that one user can only be logged on to one > > device at a time. The way I implemented this is by allowing > the user to log > > on to a second device which would intern log them off the > first device. I > > have done this by having the session look for other sessions > that have the > > same user and then logging them off of that other session. > This works fine, > > but I would like to give the user of the first device a reason > why they were > > logged off. Here is the code I am using to log the other session off: > > > > session2 calls: > > > > session1.autoLogOff(String logOutMessage); > > > > > > autoLogOff(String logOutMessage) > > > > if(logoff(MyApp.getLogoffContext())) > > { > > invalidate(); > > error(logOutMessage); > > } > > > > I can not call error(logOutMessage) since the session has been > invalidated. > > And I can not pass any message to the first device since the > login page will > > be called internally when the first device makes its next > request and is > > redirected to the login page. Is there any way to pass a message to the > > first device's login page after the second device has > invalidated the first > > device's session? > > > > Thanks, > > > > Warren Bell > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
