One final question though: how can we understand if the logged user hit the
logout button, rather than the session timed out?
Regards.
On 2025/11/05 15:50:16 Francesco Chicchiriccò wrote:
> It worked like a charm, thank you again.
>
> Regards.
>
> On 05/11/25 14:45, Francesco Chicchiriccò wrote:
> > Thank you very much Martin, I'll go ahead and follow your suggestions.
> >
> > Regards.
> >
> > On 05/11/25 14:38, Martin Grigorov wrote:
> >> Hi,
> >>
> >> It is a bit more involved.
> >>
> >> You have two use cases:
> >> - an active user became inactive and his/her session expired
> >> - a completely new user trying to reach a protected page, but (s)he needs
> >> to authenticate first
> >>
> >> You want the feedback message only for the first case.
> >> Here is how you could do it:
> >> - register a HttpSessionListener (Servlet APIs)
> >> - when #sessionUnbound() is called you could store the expired session id
> >> in some temporary storage, e.g. in
> >> MyApplication.get("my-app-name").getMyStore(), or in Redis if you need it
> >> distributed
> >> - later when showing the LoginPage you could check whether your store
> >> contains the sessionId cookie from the current request
> >> -- here it is more tricky because Wicket by default uses
> >> REDIRECT_TO_RENDER, so you need to do that
> >> at AuthenticatedWebApplication#restartResponseAtSignInPage() - override it,
> >> make the check and use RestartResponseAtInterceptPageException(Class<?
> >> extends Page> interceptPageClass, PageParameters parameters) with some flag
> >> in the parameters that would be used by your LoginPage to decide whether to
> >> show the feedback
> >>
> >> On Wed, Nov 5, 2025 at 3:18 PM Francesco Chicchiriccò <[email protected]>
> >> wrote:
> >>
> >>> On 05/11/25 14:16, Timo Schmidt wrote:
> >>>> Hi,
> >>>>
> >>>> On Mi 05.11.2025 10:47, Francesco Chicchiriccò wrote:
> >>>>> I've been researching the web for this topic for a while now,
> >>>>> and I would like to get some confirmation (or hint, maybe)
> >>>>> from the community.
> >>>>>
> >>>>> I have an AuthenticatedWebApplication with custom login page;
> >>>>> once servlet session times out, any click will bring back the
> >>>>> login page.
> >>>>>
> >>>>> So far, so good.
> >>>>>
> >>>>> I would just like to add a message for the user like as
> >>>>> "sorry, your session has timed out. please log in again" on
> >>>>> the login page itself, on a blank page with a link to the
> >>>>> login page - whatever.
> >>>>>
> >>>>> Is there any recipe out there to obtain this?
> >>>> in your Application init() method:
> >>>>
> >>>>
> >>> getApplicationSettings().setPageExpiredErrorPage(YourPageExpiredErrorPage.class);
> >>>
> >>> Tried already, not worked.
> >>>
> >>> This is for page expired, not session timeout.
> >>>
> >>> Regards.
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> Member at The Apache Software Foundation
> Syncope, Cocoon, Olingo, CXF, OpenJPA
> https://about.me/ilgrosso
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
