You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "bernard (JIRA)" <ji...@apache.org> on 2010/12/28 20:18:47 UTC
[jira] Updated: (WICKET-3285) Method to invalidate Session after
stateful Operations eg Panel Replacement
[ https://issues.apache.org/jira/browse/WICKET-3285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
bernard updated WICKET-3285:
----------------------------
I would like to close it because I cannot make a reproducing testcase where setMaxInactiveInterval() does not work
> Method to invalidate Session after stateful Operations eg Panel Replacement
> ---------------------------------------------------------------------------
>
> Key: WICKET-3285
> URL: https://issues.apache.org/jira/browse/WICKET-3285
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 1.4.13
> Environment: All
> Reporter: bernard
>
> We need to invalidate the web session after a panel of the current page is replaced.
> The use case is user registration where after completion, it must be avoided that the session on the same client computer can accidentally be used by someone else.
> All my attempts are failing because webSession.invalidate() or even webSession.replaceSession(); have an influence on the current request/response.
> Typically, one would just show a new page, e.g.
> Session.invalidate();
> setResponsePage(...);
> but I don't have this option because I am using panel replacement that depends on the session.
> I have tried the folowing but it doesn't seem to work:
> replacedPanel.getPage().add(new AbstractBehavior(){
> private boolean lastTime = false;
> @Override
> public void detach(Component component) {
> super.detach(component);
> WebRequestCycle requestCycle = (WebRequestCycle) RequestCycle.get();
> WebRequest webRequest = (WebRequest) requestCycle.getRequest();
> HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
> httpServletRequest.getSession().setMaxInactiveInterval(10);
> }
> });
> replacedPanel.replaceWith(newPanel);
> Is it possible that the Wicket framework provides a safe method to invalidate the session
> after all work is completed, including redirect after post, preferably without having to use JavaScript/AJAX hacks?
> It would make sense to me that a framework that depends on sessions so heavily, provides developers with a method to
> avoid errors in this use case.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.