Session problem - object stays in after invalidate()

[Ondrej Zizka <oz...@redhat.com>]

Hi,

i am trying to implement a simple authentization.

I've basically copied what's in the auth example #2 in wicket examples,
and have a Logout button:

            add( new Link("logoutLink") {
                    @Override public void onClick() {
                        sess.invalidateNow();
                        setResponsePage( HomePage.class );
                    }
                }
                .add( new Label("label", "Logout " +
sess.getUser().getName()) )

Which, when clicked, is performed, but in the second request, the User
object, which set to null in my overriden signOut(), is back in my
session object. Not sure if the same obj, but the same values.

What could be wrong?

Thanks,
Ondra 

Solved // Re: Session problem - object stays in after invalidate()

[Ondrej Zizka <oz...@redhat.com>]

Solved.
I was writing an original reply, using "I think I have something
conceptually wrong", when it hit my mind:

One of the components (the login/logout box) has this:

        final EsscAuthSession sess = (EsscAuthSession)getSession();

and the onClick() was like

            add( new Link("logoutLink") {
                    @Override public void onClick() {
                        sess.invalidate();
                    }
                }

I.e. using the old request's session in onClick()'s request.
It's a bit leaky abstraction, as I got used not to think much about
requests, but in this case I had to realize.
So now it's

            add( new Link("logoutLink") {
                    @Override public void onClick() {
                        getSession().invalidate();
                    }
                }

Maybe it should be stressed in the wicket examples to call getSession()
to warn beginners.

Thanks for replies.
Ondra





On Thu, 2012-09-27 at 10:34 +0300, Martin Grigorov wrote:

> Hi,
> 
> You need to use Session#invalidate() actually.
> 
> #invalidate() schedules a call to #invalidateNow() at the end of the
> request cycle.
> 
> By using #invalidateNow() you invalidate the current http session and
> right after this your app creates a new Session because it needs to
> finish the request cycle and the new one is what you see later. You
> can print the hashcodes to see whether I'm right.
> 
> On Thu, Sep 27, 2012 at 9:04 AM, Ondrej Zizka <oz...@redhat.com> wrote:
> > Hi,
> >
> > i am trying to implement a simple authentization.
> >
> > I've basically copied what's in the auth example #2 in wicket examples,
> > and have a Logout button:
> >
> >             add( new Link("logoutLink") {
> >                     @Override public void onClick() {
> >                         sess.invalidateNow();
> >                         setResponsePage( HomePage.class );
> >                     }
> >                 }
> >                 .add( new Label("label", "Logout " +
> > sess.getUser().getName()) )
> >
> > Which, when clicked, is performed, but in the second request, the User
> > object, which set to null in my overriden signOut(), is back in my
> > session object. Not sure if the same obj, but the same values.
> >
> > What could be wrong?
> >
> > Thanks,
> > Ondra
> 
> 
> 

Re: Session problem - object stays in after invalidate()

[Martin Grigorov <mg...@apache.org>]

Hi,

You need to use Session#invalidate() actually.

#invalidate() schedules a call to #invalidateNow() at the end of the
request cycle.

By using #invalidateNow() you invalidate the current http session and
right after this your app creates a new Session because it needs to
finish the request cycle and the new one is what you see later. You
can print the hashcodes to see whether I'm right.

On Thu, Sep 27, 2012 at 9:04 AM, Ondrej Zizka <oz...@redhat.com> wrote:
> Hi,
>
> i am trying to implement a simple authentization.
>
> I've basically copied what's in the auth example #2 in wicket examples,
> and have a Logout button:
>
>             add( new Link("logoutLink") {
>                     @Override public void onClick() {
>                         sess.invalidateNow();
>                         setResponsePage( HomePage.class );
>                     }
>                 }
>                 .add( new Label("label", "Logout " +
> sess.getUser().getName()) )
>
> Which, when clicked, is performed, but in the second request, the User
> object, which set to null in my overriden signOut(), is back in my
> session object. Not sure if the same obj, but the same values.
>
> What could be wrong?
>
> Thanks,
> Ondra



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

Re: Session problem - object stays in after invalidate()

[manuelbarzi <ma...@gmail.com>]

> Which, when clicked, is performed, but in the second request, the User
> object, which set to null in my overriden signOut(), is back in my

when are you exactly calling signOut? cant be deduced from your
snippet and comment. Session.invalidateNow won't remove your custom
session properties by itself, but only the Wicket components.

> session object. Not sure if the same obj, but the same values.

may you debug and verify hashCode to validate same object or not

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org