Thanks for your response Martin, and sorry for my delayed reply! I added the breakpoint (it's line 210 in my 1.5-SNAPSHOT). I also put one at line 197, at the start of the mapRequest method, to see if it was getting into the method and finding a null value for the data variable. But neither breakpoint gets reached so the method is not being called. Does this mean that something is wrong with my wicket/shiro integration code, regarding the wicket request processing not being used correctly? I should add that I'm using a library from this "fifyfive-wicket" project (see https://github.com/55minutes/fiftyfive-wicket#readme) that pretty much sets up the wicket/shiro integration for me. Does it sound like the problem is most likely coming from there, or might something else be going on?
Thanks again, -Evan -----Original Message----- From: Martin Grigorov [mailto:mgrigo...@apache.org] Sent: Thursday, February 09, 2012 3:12 AM To: users@wicket.apache.org Subject: Re: continueToOriginalDestination seems to be incorrectly retaining destination across multiple logins Hi, The intercept data should be cleaned at org.apache.wicket.RestartResponseAtInterceptPageException, line 211 - InterceptData.clear(); Put a breakpoint there and see what happens. On Wed, Feb 8, 2012 at 7:55 PM, Evan Sable <e...@novelution.com> wrote: > Hi, > > > > I'm using wicket 1.5-SNAPSHOT along with Shiro for > authentication/authorization security, and when an unauthorized user > tries to go to a page, Shiro calls redirectToInterceptPage behind the > scenes, and during the login process, after a successful login, there is code > that says: > > if (!continueToOriginalDestination()) { > > setResponsePage(getApplication().getHomePage()); > > } > > > > It is working in the sense that if a user gets redirected to login, > they are taken to the correct destination afterwards, and if a user > just clicks the login link in a new browser they are redirected to the > homepage after login. > > > > BUT, the problem is, if an initial user tries to go to a protected > page, gets redirected to the login, logs in, and then logs out, and > then, without closing the browser, clicks the login link and logs in > with the same user again or even another user, it still redirects to the > prior "original" > destination, which should no longer take effect. I would think that > this should be forgotten upon logging out, which replaces the wicket > session > with: > > Session session = Session.get(); > > session.replaceSession(); > > > > I think I must be misunderstanding how continueToOriginalDestination > is working - I thought it was placing the original destination url > into the users session, which is why I figured that after the login > which redirects, followed by the logout which replaces the session, it would > be gone. > > > > Can someone please explain what I'm thinking about wrongly here and > why the destination is being retained across multiple logins. Also, > how can I avoid this so that the original destination is only used the > first time? Btw, just to be clear, if I logout and then click to a > new protected url, the "original destination" value is properly > replaced with the new protected destination which redirects back to > the intercept page. The problem is only if I click directly to the > login page without a new intercept, but after having previously > utilized the continueToOriginalDestination in the prior login. > > Thanks very much for any help! > > -Evan > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org