How to log out in wicket permanently?

Question

I have a Wicket application (the url is: localhost:7001/myWicketApp) which starts with a sign in ask. This works fine. In my home page, I have a Sign Out link.

What I want: If I click on this link, it should sign out from the session, and go to an another web page, etc. www.google.com I wrote this java code for log out:

private AjaxLink createSignOutLink() {
    return new AjaxLink("signOutLink") {
        private static final long serialVersionUID = 1L;

        @Override
        public void onClick(AjaxRequestTarget target) {
            S2rtSession.get().invalidate();
            S2rtSession.get().logout();
            throw new RedirectToUrlException("http://www.google.com");
        }
    };
}

What happening: When I click on it, it goes to the new page (www.google.com), so it seems like it works fine. BUT: When I click on the browser's BACK button (or I type again my URL without closing the browser and press ENTER), it goes back to my page WITHOUT asking for username and password. So the sign out didn't happend.

What is missing? Is there a way, to sign out permanently, or the browser is caching the username and password, and without closing the browser, it won't work?

I hope there is a way, to remove everything from the cache and the session.

Thank you!

score 1 · Answer 1 · answered Jan 25 '14 at 20:12

1

This code works for me but in wicket 1.5.8. But may be it helps

public class MyAppSession extends AuthenticatedWebSession implements IClusterable

And my logout link is:

logOut = new Link<Page>("logOut") {
   private static final long serialVersionUID = 1L;

   @Override
   public void onClick() {
       //MyAppSession.get().invalidate(); - **I do not remember why, but in sources i have this line an it is commented!!!**
       MyAppSession.get().signOut();
       setResponsePage(WebApplication.get().getHomePage());
   }
};

answered Jan 25 '14 at 20:12

cache

662
2
14
28

doesn't work for me. maybe the problem is that I don't have an own Sign In page, it is using the browser's authentication at the begining, and than the HomePage coming. – victorio Jan 25 '14 at 21:44
2

Yes. Your problem is in usage of basic authentication. http://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication – cache Jan 26 '14 at 07:03

score 1 · Answer 2 · answered Feb 14 '14 at 13:37

Maybe the credentials are saved in cookies, please try this code:

private AjaxLink createSignOutLink() {
        return new AjaxLink("signOutLink") {
            private static final long serialVersionUID = 1L;

            @Override
            public void onClick(AjaxRequestTarget target) {
                IAuthenticationStrategy strategy = WebApplication.get().getSecuritySettings()
                            .getAuthenticationStrategy();
                    strategy.remove();
                S2rtSession.get().logout();
                throw new RedirectToUrlException("http://www.google.com");
            }
        };
    }

does not work. the problem is that I am using a basic authentication. but thank you. — victorio, Feb 25 '14 at 16:07

How to log out in wicket permanently?

2 Answers2