Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-5140

InterceptData never gets cleared from session after continueToOriginalDestination is called and another page is requested afterwards



    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 1.5.10
    • 6.8.0, 1.5.11
    • wicket
    • None


      We have the same problem as earlier described by Chris in WICKET-4500:

      "The above fix is great but we've run into another problem. If an admin user attempts to go to a restricted page and gets redirected via a RedirectToInterceptException but then decides not to log on but then goes to the normal home page authentication and then successfully logs on as a standard user that authentication will redirect to where the admin initially wanted to go to - because they never authenticated as admin continueToOriginalDestination was never called and so Wicket still thinks that when continueToOriginalDestination is called after the standard user's authentication that it needs to redirect to the original admin page... fun!

      Would it be possible to introduce an explicit 'clearRedirect' method so that when the home page does a RestartResponseException to redirect to the standard user authentication page it can, at the same time, do a 'clearRedirect' so that a subsequent call to continueToOriginalDestination does not attempt to go to the admin page.

      I can't remove the continueToOriginalDestination from the standard user authentication page because it is still required to perform a continue when it was reached by a RedirectToIntercepException from restricted pages other than the home page. "




            mgrigorov Martin Tzvetanov Grigorov
            forchel Dirk Forchel
            0 Vote for this issue
            2 Start watching this issue