You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Dirk Forchel (JIRA)" <ji...@apache.org> on 2013/04/10 14:08:23 UTC

[jira] [Created] (WICKET-5140) InterceptData never gets cleared from session after continueToOriginalDestination is called and another page is requested afterwards

Dirk Forchel created WICKET-5140:
------------------------------------

             Summary: InterceptData never gets cleared from session after continueToOriginalDestination is called and another page is requested afterwards
                 Key: WICKET-5140
                 URL: https://issues.apache.org/jira/browse/WICKET-5140
             Project: Wicket
          Issue Type: Bug
          Components: wicket
    Affects Versions: 1.5.10
            Reporter: Dirk Forchel
            Priority: Critical


We have the same problem as earlier described by Chris in WICKET-4500:

"The above fix is great but we've run into another problem. If an admin user attempts to go to a restricted page and gets redirected via a RedirectToInterceptException but then decides not to log on but then goes to the normal home page authentication and then successfully logs on as a standard user that authentication will redirect to where the admin initially wanted to go to - because they never authenticated as admin continueToOriginalDestination was never called and so Wicket still thinks that when continueToOriginalDestination is called after the standard user's authentication that it needs to redirect to the original admin page... fun!

Would it be possible to introduce an explicit 'clearRedirect' method so that when the home page does a RestartResponseException to redirect to the standard user authentication page it can, at the same time, do a 'clearRedirect' so that a subsequent call to continueToOriginalDestination does not attempt to go to the admin page.

I can't remove the continueToOriginalDestination from the standard user authentication page because it is still required to perform a continue when it was reached by a RedirectToIntercepException from restricted pages other than the home page. "

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira