You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Martin Grigorov (JIRA)" <ji...@apache.org> on 2013/04/26 17:08:15 UTC

[jira] [Updated] (WICKET-5140) InterceptData never gets cleared from session after continueToOriginalDestination is called and another page is requested afterwards

     [ https://issues.apache.org/jira/browse/WICKET-5140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Grigorov updated WICKET-5140:
------------------------------------

    Fix Version/s: 1.5.11
    
> InterceptData never gets cleared from session after continueToOriginalDestination is called and another page is requested afterwards
> ------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WICKET-5140
>                 URL: https://issues.apache.org/jira/browse/WICKET-5140
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.5.10
>            Reporter: Dirk Forchel
>            Assignee: Martin Grigorov
>            Priority: Critical
>             Fix For: 6.8.0, 1.5.11
>
>
> We have the same problem as earlier described by Chris in WICKET-4500:
> "The above fix is great but we've run into another problem. If an admin user attempts to go to a restricted page and gets redirected via a RedirectToInterceptException but then decides not to log on but then goes to the normal home page authentication and then successfully logs on as a standard user that authentication will redirect to where the admin initially wanted to go to - because they never authenticated as admin continueToOriginalDestination was never called and so Wicket still thinks that when continueToOriginalDestination is called after the standard user's authentication that it needs to redirect to the original admin page... fun!
> Would it be possible to introduce an explicit 'clearRedirect' method so that when the home page does a RestartResponseException to redirect to the standard user authentication page it can, at the same time, do a 'clearRedirect' so that a subsequent call to continueToOriginalDestination does not attempt to go to the admin page.
> I can't remove the continueToOriginalDestination from the standard user authentication page because it is still required to perform a continue when it was reached by a RedirectToIntercepException from restricted pages other than the home page. "

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira