Not required, just wise. therefor i would suggest only not invalidating the session if you trigger an automatic logoff. if the user himself loggs off i would definitely invalidate. Also on an after thought, i am not sure if the app container is automatically picking up you messing with someone else his session (serializing it back to disk and stuff) so you might need to trigger something manually. maybe one of the wicket devs has some insight on this?
Maurice On Tue, Mar 4, 2008 at 11:02 PM, Warren <[EMAIL PROTECTED]> wrote: > I have tried just logging off the user and not invalidateing the session and > it does work. I just wasn't sure if I was required to invalidate it when I > called logoff(...). > > > > > -----Original Message----- > > From: Maurice Marrink [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, March 04, 2008 1:10 PM > > To: [email protected] > > Subject: Re: Wicket-Security How do you pass an error to the login page? > > > > > > How about not invalidating the session but just log off the user. That > > way you can use session.error(...) and still let the user know about > > what happened as long as they make another request before the session > > times out. > > > > There is only one extra thing you need to do, > > Starting with version 1.3.0 wasp automatically invalidates the session > > for you if you use session.logoff(....) > > public boolean logoff(Object context) > > { > > if (securityStrategy != null && > > securityStrategy.logoff(context)) > > { > > if (securityStrategy.isUserAuthenticated()) > > dirty(); > > else > > invalidate(); > > return true; > > } > > return false; > > } > > you can either choose to overwrite WaspSession.logoff or bypass the > > session.logoff(...) and use strategy.logoff(...) directly. > > > > Maurice > > > > On Tue, Mar 4, 2008 at 7:15 PM, Warren <[EMAIL PROTECTED]> wrote: > > > I have a use case that says that one user can only be logged on to one > > > device at a time. The way I implemented this is by allowing > > the user to log > > > on to a second device which would intern log them off the > > first device. I > > > have done this by having the session look for other sessions > > that have the > > > same user and then logging them off of that other session. > > This works fine, > > > but I would like to give the user of the first device a reason > > why they were > > > logged off. Here is the code I am using to log the other session off: > > > > > > session2 calls: > > > > > > session1.autoLogOff(String logOutMessage); > > > > > > > > > autoLogOff(String logOutMessage) > > > > > > if(logoff(MyApp.getLogoffContext())) > > > { > > > invalidate(); > > > error(logOutMessage); > > > } > > > > > > I can not call error(logOutMessage) since the session has been > > invalidated. > > > And I can not pass any message to the first device since the > > login page will > > > be called internally when the first device makes its next > > request and is > > > redirected to the login page. Is there any way to pass a message to the > > > first device's login page after the second device has > > invalidated the first > > > device's session? > > > > > > Thanks, > > > > > > Warren Bell > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
