in your LoginPage constructor:
YourSession session = Session.get();
if(session.getUserName() != null)
{
session.invalidate();
throw new RestartResponseAtInterceptPageException(LoginPage.class);
}
Then you do quickly another redirect to a new session when you try to render
the login page.
johan
On 12/16/06, Robert McClay <[EMAIL PROTECTED]> wrote:
Wicket 1.2.3
User A and B share a computer at an office.
User A logs in. Session is setup with account info. User A doesn't log
out.
User B clicks on his login bookmark, and logs in using the same session
(as it wasn't invalidated with a logout) -- the same session is reused.
The login process would then need to manually clear any of the
user-specific objects that may have been stored in the session (eg,
user preferences, whatever was set in the custom session object). A way
around this would be for the login page to invalidate the session, but
then a submit would have a page expired error.
Any graceful way around this in wicket 1.2.3?
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
