You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@wicket.apache.org by christophe <ma...@wanadoo.fr> on 2019/03/25 18:18:29 UTC

Redirect to an external page & inalidate the current session

Hello

The application I am working on has an "exit" option that must
1) redirect the user to the corporate  web home page
(www.thisCorporation.com)
2) invalidate the session so that no one,especially an unauthorized user, by
clicking on the back button, would be able to get back to the application

I have tried  the following:
          cycle = currentPage.getRequestCycle();
          cycle.setResponsePage(new
RedirectPage("http://www.ThisCorporation.com");

It works however the session is still valid &  any one can get back to it

So I have tried the following:
          cycle = currentPage.getRequestCycle();
          cycle.setResponsePage(new
RedirectPage("http://www.ThisCorporation.com"); 
         session.invalidate();
This gets me a "page expired exception" instead

Can someone help me with the correct way of doing both (redirecting &
invalidating the session) please I have have spent hours on this for now
satisfactory results

Thank you



--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Redirect to an external page & inalidate the current session

Posted by Ernesto Reinaldo Barreiro <re...@gmail.com>.

Hi,

How are you adding security/authorization to your pages?

On Mon, Mar 25, 2019 at 9:29 PM christophe <ma...@wanadoo.fr>
wrote:

> Hello
>
> The application I am working on has an "exit" option that must
> 1) redirect the user to the corporate  web home page
> (www.thisCorporation.com)
> 2) invalidate the session so that no one,especially an unauthorized user,
> by
> clicking on the back button, would be able to get back to the application
>
> I have tried  the following:
>           cycle = currentPage.getRequestCycle();
>           cycle.setResponsePage(new
> RedirectPage("http://www.ThisCorporation.com");
>
> It works however the session is still valid &  any one can get back to it
>
> So I have tried the following:
>           cycle = currentPage.getRequestCycle();
>           cycle.setResponsePage(new
> RedirectPage("http://www.ThisCorporation.com");
>          session.invalidate();
> This gets me a "page expired exception" instead
>
> Can someone help me with the correct way of doing both (redirecting &
> invalidating the session) please I have have spent hours on this for now
> satisfactory results
>
> Thank you
>
>
>
> --
> Sent from:
> http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>

-- 
Regards - Ernesto Reinaldo Barreiro

Re: Redirect to an external page & inalidate the current session

Posted by Martin Grigorov <mg...@apache.org>.

Hi,

On Mon, Mar 25, 2019 at 8:29 PM christophe <ma...@wanadoo.fr>
wrote:

> Hello
>
> The application I am working on has an "exit" option that must
> 1) redirect the user to the corporate  web home page
> (www.thisCorporation.com)
> 2) invalidate the session so that no one,especially an unauthorized user,
> by
> clicking on the back button, would be able to get back to the application
>
> I have tried  the following:
>           cycle = currentPage.getRequestCycle();
>           cycle.setResponsePage(new
> RedirectPage("http://www.ThisCorporation.com");
>
> It works however the session is still valid &  any one can get back to it
>
> So I have tried the following:
>           cycle = currentPage.getRequestCycle();
>           cycle.setResponsePage(new
> RedirectPage("http://www.ThisCorporation.com");
>

Is this Wicket 1.3/1.4 ?


>          session.invalidate();
> This gets me a "page expired exception" instead
>
> Can someone help me with the correct way of doing both (redirecting &
> invalidating the session) please I have have spent hours on this for now
> satisfactory results
>

Try with:

session.invalidateNow();
throw new RedirectToUrlException("http://www.ThisCorporation.com");


>
> Thank you
>
>
>
> --
> Sent from:
> http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>