CODEWITHSUNDEEP
javasessionwicketlogoutinvalidation
victorio
victorio

Reputation: 6646

How to log out in wicket permanently?

I have a Wicket application (the url is: localhost:7001/myWicketApp) which starts with a sign in ask. This works fine. In my home page, I have a Sign Out link.

What I want: If I click on this link, it should sign out from the session, and go to an another web page, etc. www.google.com I wrote this java code for log out:

private AjaxLink createSignOutLink() {
    return new AjaxLink("signOutLink") {
        private static final long serialVersionUID = 1L;

        @Override
        public void onClick(AjaxRequestTarget target) {
            S2rtSession.get().invalidate();
            S2rtSession.get().logout();
            throw new RedirectToUrlException("http://www.google.com");
        }
    };
}

What happening: When I click on it, it goes to the new page (www.google.com), so it seems like it works fine. BUT: When I click on the browser's BACK button (or I type again my URL without closing the browser and press ENTER), it goes back to my page WITHOUT asking for username and password. So the sign out didn't happend.

What is missing? Is there a way, to sign out permanently, or the browser is caching the username and password, and without closing the browser, it won't work?

I hope there is a way, to remove everything from the cache and the session.

Thank you!

Upvotes: 0

Views: 1362

Answers (2)

andreicostea
andreicostea

Reputation: 11

Maybe the credentials are saved in cookies, please try this code:

private AjaxLink createSignOutLink() {
        return new AjaxLink("signOutLink") {
            private static final long serialVersionUID = 1L;

            @Override
            public void onClick(AjaxRequestTarget target) {
                IAuthenticationStrategy strategy = WebApplication.get().getSecuritySettings()
                            .getAuthenticationStrategy();
                    strategy.remove();
                S2rtSession.get().logout();
                throw new RedirectToUrlException("http://www.google.com");
            }
        };
    }

Upvotes: 1

cache
cache

Reputation: 662

This code works for me but in wicket 1.5.8. But may be it helps

public class MyAppSession extends AuthenticatedWebSession implements IClusterable

And my logout link is:

logOut = new Link<Page>("logOut") {
   private static final long serialVersionUID = 1L;

   @Override
   public void onClick() {
       //MyAppSession.get().invalidate(); - **I do not remember why, but in sources i have this line an it is commented!!!**
       MyAppSession.get().signOut();
       setResponsePage(WebApplication.get().getHomePage());
   }
};

Upvotes: 1

Related Questions