You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Dan Retzlaff <dr...@gmail.com> on 2011/07/11 22:10:55 UTC
Sessions and Login Redirection
Hi all,
Our application's home / login page is stateless, so its initial request
doesn't establish a session. In the login form's onSubmit the user is
authenticated, his credentials are put into the session, and he is
redirected to a page that requires the user to be authenticated. The problem
is that the onSubmit response (an HTTP redirection) does not set the session
cookie, so the credentials get lost.
Is this an HTTP or servlet limitation associated with redirects? Is there a
solution that doesn't require the page to be stateful?
Thanks!
Dan
Re: Sessions and Login Redirection
Posted by Dan Retzlaff <dr...@gmail.com>.
That's it. I now call session.bind() in requestCycle.onEndRequest() if
credentials are set. I thought I'd tried that before, but I must have
deployed or tested incorrectly. Thanks, Martijn.
On Mon, Jul 11, 2011 at 1:35 PM, Martijn Dashorst <
martijn.dashorst@gmail.com> wrote:
> Use session.bind() to actually bind the session. Otherwise WIcket is
> in the dark that you actually want to keep the session around...
>
> Martijn
>
> On Mon, Jul 11, 2011 at 10:10 PM, Dan Retzlaff <dr...@gmail.com>
> wrote:
> > Hi all,
> >
> > Our application's home / login page is stateless, so its initial request
> > doesn't establish a session. In the login form's onSubmit the user is
> > authenticated, his credentials are put into the session, and he is
> > redirected to a page that requires the user to be authenticated. The
> problem
> > is that the onSubmit response (an HTTP redirection) does not set the
> session
> > cookie, so the credentials get lost.
> >
> > Is this an HTTP or servlet limitation associated with redirects? Is there
> a
> > solution that doesn't require the page to be stateful?
> >
> > Thanks!
> > Dan
> >
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: Sessions and Login Redirection
Posted by Martijn Dashorst <ma...@gmail.com>.
Use session.bind() to actually bind the session. Otherwise WIcket is
in the dark that you actually want to keep the session around...
Martijn
On Mon, Jul 11, 2011 at 10:10 PM, Dan Retzlaff <dr...@gmail.com> wrote:
> Hi all,
>
> Our application's home / login page is stateless, so its initial request
> doesn't establish a session. In the login form's onSubmit the user is
> authenticated, his credentials are put into the session, and he is
> redirected to a page that requires the user to be authenticated. The problem
> is that the onSubmit response (an HTTP redirection) does not set the session
> cookie, so the credentials get lost.
>
> Is this an HTTP or servlet limitation associated with redirects? Is there a
> solution that doesn't require the page to be stateful?
>
> Thanks!
> Dan
>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org