Posted to commits@wicket.apache.org by "bernard (JIRA)" <ji...@apache.org> on 2010/12/27 11:49:46 UTC

[jira] Created: (WICKET-3285) Method to invalidate Session after stateful Operations eg Panel Replacement

Method to invalidate Session after stateful Operations eg Panel Replacement
---------------------------------------------------------------------------

                 Key: WICKET-3285
                 URL: https://issues.apache.org/jira/browse/WICKET-3285
             Project: Wicket
          Issue Type: Improvement
          Components: wicket
    Affects Versions: 1.4.13
         Environment: All
            Reporter: bernard


We need to invalidate the web session after a panel of the current page is replaced.

The use case is user registration where after completion, it must be avoided that the session on the same client computer can accidentally be used by someone else.


All my attempts are failing because webSession.invalidate() or even webSession.replaceSession() have an influence on the current request/response.

Typically, one would just show a new page, e.g.

Session.get().invalidate();
setResponsePage(...);

but I don't have this option because I am using panel replacement that depends on the session.


I have tried the following but it doesn't seem to work:

// Attach a behavior to the page so the timeout change runs when the page is detached.
replacedPanel.getPage().add(new AbstractBehavior(){
    private boolean lastTime = false;
    @Override
    public void detach(Component component) {
        super.detach(component);
        WebRequestCycle requestCycle = (WebRequestCycle) RequestCycle.get();
        WebRequest webRequest = (WebRequest) requestCycle.getRequest();
        HttpServletRequest httpServletRequest = webRequest.getHttpServletRequest();
        // Let the servlet container expire the session after 10 seconds of inactivity
        // instead of invalidating it during the current request.
        httpServletRequest.getSession().setMaxInactiveInterval(10);
    }
});
replacedPanel.replaceWith(newPanel);

Is it possible that the Wicket framework provides a safe method to invalidate the session
after all work is completed, including redirect after post, preferably without having to use JavaScript/AJAX hacks?

It would make sense to me that a framework that depends on sessions so heavily provides developers with a method to
avoid errors in this use case.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


[jira] Updated: (WICKET-3285) Method to invalidate Session after stateful Operations eg Panel Replacement

Posted by "bernard (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/WICKET-3285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

bernard updated WICKET-3285:
----------------------------


I would like to close it because I cannot make a reproducing testcase where setMaxInactiveInterval() does not work.



[jira] Resolved: (WICKET-3285) Method to invalidate Session after stateful Operations eg Panel Replacement

Posted by "Igor Vaynberg (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/WICKET-3285?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Igor Vaynberg resolved WICKET-3285.
-----------------------------------

    Resolution: Cannot Reproduce
