Hi Satish,

The problem here is that your quickstart uses the same page for page expired error and error 404.

PageExpired.STATUS_CODE is 404.

Your web.xml sets the 404 error page to /404, and you mount the PageExpired page as /404. You also set the PageExpiredErrorPage to PageExpired.

When your session expires, the decryption key is no longer available in the session, so the URL cannot be decrypted. This is because you are using KeyInSessionSunJceCryptFactory, which stores a new unique random decryption key in each session. When the session expires, a new session is created which in turn gets a new random decryption key. The new session's key cannot decrypt the encrypted URL which was encrypted with the old, expired session's key.

Because the URL cannot be decrypted, no IRequestMapper can map the URL to an IRequestHandler, and a 404 error results. So, you are not actually getting a page expired error, you are getting a 404 error. It looks the same to you because you are using the same page to display both errors.

The reason the home page links do not cause a 404 error is because the URL is not encrypted on the home page, at least not in this quickstart. (I know, I'll get back to you about the other issue you have). Because there is no encryption on the home page link, the link remains usable to Wicket after the session has expired.

Wicket can see that you are trying to execute a callback link on the home page, because the URL is /?1-1.ILinkListener...., but because the session has expired, page id 1 is no longer retrievable from the page store. However, because of the URL, Wicket can tell that this was something to do with the home page, and just recreates a new instance of the home page and displays that to you.

You can control this behavior by calling getPageSettings().setRecreateMountedPagesAfterExpiry(false);

Cheers,
Jesse
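
The key-per-session effect described in the reply above, as an added example that is not part of the original thread and is not Wicket's code. It assumes AES-GCM as a stand-in cipher, a constructed URL, and a hypothetical `status` method as a toy dispatcher:

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class SessionKeyDemo {
    /** Each new session gets its own random key (stand-in for the session-stored key). */
    static SecretKey newSessionKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        return kg.generateKey();
    }

    static String encryptUrl(SecretKey key, String url) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(url.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    /** Returns the plain URL, or null when the key does not fit the token. */
    static String decryptUrl(SecretKey key, String token) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(token);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
            return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
        } catch (Exception e) {
            return null; // wrong key or damaged token: nothing to map
        }
    }

    static int status(SecretKey sessionKey, String token) {
        return decryptUrl(sessionKey, token) == null ? 404 : 200; // no handler means 404
    }

    public static void main(String[] args) throws Exception {
        SecretKey expired = newSessionKey();
        String link = encryptUrl(expired, "page?3-1.ILinkListener-link"); // constructed URL
        System.out.println("old session key: " + status(expired, link));
        System.out.println("new session key: " + status(newSessionKey(), link));
    }
}
```

The dispatcher cannot tell an undecryptable link from a URL that never existed, which is why both end up on whatever page is registered for 404.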


On 17/09/2014 17:23, sgu...@osc.state.ny.us wrote:
Hello,

I am having a problem in dealing with Session expiry specifically when you click on a link in home page after session expiry.

The outcome is you remain on home page, you are neither navigated to the link you clicked nor redirected to PageExpired page which is configured in org.apache.wicket.protocol.http.WebApplication#init() method as follows

        getApplicationSettings().setPageExpiredErrorPage(PageExpired.class);
        mountPage("/" + PageExpired.STATUS_CODE, PageExpired.class);

With that said, the behavior is different when links on other pages (link in First Navigation page from quick start)
are clicked on session expiry, you actually hit PageExpired page.

Why is the behavior different for home page links compared to links on other pages when it comes to session expiry ?


I am attaching a quick start to support my explanation above.
Quick Start Application flow:
i. Hit root url http://localhost:8080, you will navigate to home page with a link to First Navigation page.
ii. In First Navigation Page we have a link to Second Navigation Page.
iii. In Second Navigation Page we have a link back to home page.




/Thanks & Regards/
/Satish Gutta/



