Hi, I've followed the Wicket guide's chapter on security in order to implement authorization. Amongst other bits it advises using the following code in the AuthenticatedPage :
@Override protected void onConfigure() { super.onConfigure(); AuthenticatedWebApplication app = (AuthenticatedWebApplication)Application.get(); //if user is not signed in, redirect him to sign in page if(!AuthenticatedWebSession.get().isSignedIn()) app.restartResponseAtSignInPage(); } The problem is that restartResponseAtSignInPage() binds a new session so I end up with a session despite redirecting to the stateless login page. Any ideas? CN -- View this message in context: http://apache-wicket.1842946.n4.nabble.com/Stateless-login-page-with-auth-roles-tp4668706.html Sent from the Users forum mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org