You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "bernard (JIRA)" <ji...@apache.org> on 2010/12/28 20:18:47 UTC

[jira] Updated: (WICKET-3285) Method to invalidate Session after stateful Operations eg Panel Replacement

     [ https://issues.apache.org/jira/browse/WICKET-3285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

bernard updated WICKET-3285:
----------------------------


I would like to close it because I cannot make a reproducing testcase where setMaxInactiveInterval() does not work

> Method to invalidate Session after stateful Operations eg Panel Replacement
> ---------------------------------------------------------------------------
>
>                 Key: WICKET-3285
>                 URL: https://issues.apache.org/jira/browse/WICKET-3285
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket
>    Affects Versions: 1.4.13
>         Environment: All
>            Reporter: bernard
>
> We need to invalidate the web session after a panel of the current page is replaced.
> The use case is user registration where after completion, it must be avoided that the session on the same client computer can accidentally be used by someone else.
> All my attempts are failing because webSession.invalidate() or even webSession.replaceSession(); have an influence on the current request/response.
> Typically, one would just show a new page, e.g.
> Session.invalidate();
> setResponsePage(...);
> but I don't have this option because I am using panel replacement that depends on the session.
> I have tried the folowing but it doesn't seem to work:
> replacedPanel.getPage().add(new AbstractBehavior(){
>     private boolean lastTime = false;
>     @Override
>     public void detach(Component component) {
>         super.detach(component);
>         WebRequestCycle requestCycle = (WebRequestCycle) RequestCycle.get();
>         WebRequest webRequest = (WebRequest) requestCycle.getRequest();
>         HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
>         httpServletRequest.getSession().setMaxInactiveInterval(10);
>     }
> });
> replacedPanel.replaceWith(newPanel);
> Is it possible that the Wicket framework provides a safe method to invalidate the session
> after all work is completed, including redirect after post, preferably without having to use JavaScript/AJAX hacks?
> It would make sense to me that a framework that depends on sessions so heavily, provides developers with a method to
> avoid errors in this use case.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.