You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Istvan Soos <is...@gmail.com> on 2010/01/08 17:16:11 UTC
autologin redirect for https cookie and go back
Hi,
I'd like to create automatic login with the following setup:
- The auto-login key is stored in a secure cookie issued only over https.
- I have created a separate page for this, it can read (a do
authentication) or update the cookie (on form login), and it is
sending the cookie only over https.
- Most of the things the users will land on are http
The HttpsRequestCycleProcessor gives a great job to achieve most of
that, however I'm struggling with the autologin, because I'd like to
do an initial redirect on session create. I can do a redirect to the
cookie page, it will be https, it can send the cookie, however I do
not know how to redirect back to the original page. I have no page nor
pageClass information, because the redirect happens in
WebApplication.newSession(...) and at that time the request.getPage()
is null.
Any idea or example how this should work? I'm storing the cookie
page's redirect information in the session as pageClass and
PageParameters, and these are populated manually, as the origin is
well known.
Thanks,
Istvan
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: autologin redirect for https cookie and go back
Posted by Istvan Soos <is...@gmail.com>.
It seems that I've buried myself too deep in the world of bookmarkable
pages that I've forgotten the basics of http. Oh dear, such a simple
answer, it must be Friday... :)
Thanks,
Istvan
On Fri, Jan 8, 2010 at 5:30 PM, Igor Vaynberg <ig...@gmail.com> wrote:
> but you do have the original url, so redirect back to that
>
> -igor
>
> On Fri, Jan 8, 2010 at 8:16 AM, Istvan Soos <is...@gmail.com> wrote:
>> Hi,
>>
>> I'd like to create automatic login with the following setup:
>> - The auto-login key is stored in a secure cookie issued only over https.
>> - I have created a separate page for this, it can read (a do
>> authentication) or update the cookie (on form login), and it is
>> sending the cookie only over https.
>> - Most of the things the users will land on are http
>>
>> The HttpsRequestCycleProcessor gives a great job to achieve most of
>> that, however I'm struggling with the autologin, because I'd like to
>> do an initial redirect on session create. I can do a redirect to the
>> cookie page, it will be https, it can send the cookie, however I do
>> not know how to redirect back to the original page. I have no page nor
>> pageClass information, because the redirect happens in
>> WebApplication.newSession(...) and at that time the request.getPage()
>> is null.
>>
>> Any idea or example how this should work? I'm storing the cookie
>> page's redirect information in the session as pageClass and
>> PageParameters, and these are populated manually, as the origin is
>> well known.
>>
>> Thanks,
>> Istvan
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: autologin redirect for https cookie and go back
Posted by Igor Vaynberg <ig...@gmail.com>.
but you do have the original url, so redirect back to that
-igor
On Fri, Jan 8, 2010 at 8:16 AM, Istvan Soos <is...@gmail.com> wrote:
> Hi,
>
> I'd like to create automatic login with the following setup:
> - The auto-login key is stored in a secure cookie issued only over https.
> - I have created a separate page for this, it can read (a do
> authentication) or update the cookie (on form login), and it is
> sending the cookie only over https.
> - Most of the things the users will land on are http
>
> The HttpsRequestCycleProcessor gives a great job to achieve most of
> that, however I'm struggling with the autologin, because I'd like to
> do an initial redirect on session create. I can do a redirect to the
> cookie page, it will be https, it can send the cookie, however I do
> not know how to redirect back to the original page. I have no page nor
> pageClass information, because the redirect happens in
> WebApplication.newSession(...) and at that time the request.getPage()
> is null.
>
> Any idea or example how this should work? I'm storing the cookie
> page's redirect information in the session as pageClass and
> PageParameters, and these are populated manually, as the origin is
> well known.
>
> Thanks,
> Istvan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org