Thank you Maxim, I thought so.
Actually, Session#invalidate comes before HttpSessionListener#sessionDestroyed, so I had
to store the same id id two different places and finally decide whether to show or not
the "session timed out" notice depending on the absence of the former and the
presence of the latter.
A little too involved for the purpose, but anyway.
Regards.
On 06/11/25 16:40, Maxim Solodovnik wrote:
from mobile (sorry for typos ;)
On Thu, Nov 6, 2025, 22:08 Francesco Chicchiriccò <[email protected]>
wrote:
One final question though: how can we understand if the logged user hit
the logout button, rather than the session timed out?
Since you are controlling the hit on logout button, you can tweak the
original logic :)
For ex. by not adding session id to your custom store
Regards.
On 2025/11/05 15:50:16 Francesco Chicchiriccò wrote:
It worked like a charm, thank you again.
Regards.
On 05/11/25 14:45, Francesco Chicchiriccò wrote:
Thank you very much Martin, I'll go ahead and follow your suggestions.
Regards.
On 05/11/25 14:38, Martin Grigorov wrote:
Hi,
It is a bit more involved.
You have two use cases:
- an active user became inactive and his/her session expired
- a completely new user trying to reach a protected page, but (s)he
needs
to authenticate first
You want the feedback message only for the first case.
Here is how you could do it:
- register a HttpSessionListener (Servlet APIs)
- when #sessionUnbound() is called you could store the expired
session id
in some temporary storage, e.g. in
MyApplication.get("my-app-name").getMyStore(), or in Redis if you
need it
distributed
- later when showing the LoginPage you could check whether your store
contains the sessionId cookie from the current request
-- here it is more tricky because Wicket by default uses
REDIRECT_TO_RENDER, so you need to do that
at AuthenticatedWebApplication#restartResponseAtSignInPage() -
override it,
make the check and use RestartResponseAtInterceptPageException(Class<?
extends Page> interceptPageClass, PageParameters parameters) with
some flag
in the parameters that would be used by your LoginPage to decide
whether to
show the feedback
On Wed, Nov 5, 2025 at 3:18 PM Francesco Chicchiriccò <
[email protected]>
wrote:
On 05/11/25 14:16, Timo Schmidt wrote:
Hi,
On Mi 05.11.2025 10:47, Francesco Chicchiriccò wrote:
I've been researching the web for this topic for a while now,
and I would like to get some confirmation (or hint, maybe)
from the community.
I have an AuthenticatedWebApplication with custom login page;
once servlet session times out, any click will bring back the
login page.
So far, so good.
I would just like to add a message for the user like as
"sorry, your session has timed out. please log in again" on
the login page itself, on a blank page with a link to the
login page - whatever.
Is there any recipe out there to obtain this?
in your Application init() method:
getApplicationSettings().setPageExpiredErrorPage(YourPageExpiredErrorPage.class);
Tried already, not worked.
This is for page expired, not session timeout.
Regards.
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA
https://about.me/ilgrosso
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
