Hi,
It is a bit more involved.
You have two use cases:
- an active user became inactive and his/her session expired
- a completely new user trying to reach a protected page, but (s)he needs
to authenticate first
You want the feedback message only for the first case.
Here is how you could do it:
- register a HttpSessionListener (Servlet APIs)
- when #sessionUnbound() is called you could store the expired session id
in some temporary storage, e.g. in
MyApplication.get("my-app-name").getMyStore(), or in Redis if you need it
distributed
- later when showing the LoginPage you could check whether your store
contains the sessionId cookie from the current request
-- here it is more tricky because Wicket by default uses
REDIRECT_TO_RENDER, so you need to do that
at AuthenticatedWebApplication#restartResponseAtSignInPage() - override it,
make the check and use RestartResponseAtInterceptPageException(Class<?
extends Page> interceptPageClass, PageParameters parameters) with some flag
in the parameters that would be used by your LoginPage to decide whether to
show the feedback
On Wed, Nov 5, 2025 at 3:18 PM Francesco Chicchiriccò <[email protected]>
wrote:
> On 05/11/25 14:16, Timo Schmidt wrote:
> > Hi,
> >
> > On Mi 05.11.2025 10:47, Francesco Chicchiriccò wrote:
> >> I've been researching the web for this topic for a while now,
> >> and I would like to get some confirmation (or hint, maybe)
> >> from the community.
> >>
> >> I have an AuthenticatedWebApplication with custom login page;
> >> once servlet session times out, any click will bring back the
> >> login page.
> >>
> >> So far, so good.
> >>
> >> I would just like to add a message for the user like as
> >> "sorry, your session has timed out. please log in again" on
> >> the login page itself, on a blank page with a link to the
> >> login page - whatever.
> >>
> >> Is there any recipe out there to obtain this?
> > in your Application init() method:
> >
> >
> getApplicationSettings().setPageExpiredErrorPage(YourPageExpiredErrorPage.class);
>
> Tried already, not worked.
>
> This is for page expired, not session timeout.
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA
> https://about.me/ilgrosso
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
