I have a Wicket (6.9.0) application that takes user input on a couple of pages, processes the data and finally shows a page that gives a summary of the input. The application stores some data in the session so I want to invalidate it in the end so that the user can't go back an continue with stale session data.
I tried to use session.invalidate() in my summary page, first in the constructor and then in onAfterRender() but both times I ended up seeing the "Page Expired" page and not the output of my summary page.
Is there a way to show my summary page and then invalidate my session? Or is this something that should not be done in Wicket?
The "Page expired" problem is caused by the render strategy of the framework. By default Wicket uses a redirect-after-post strategy for rendering a page. So if the session is invalidated somewhere in the Page, the following get-request will always show the "Page Expired" message because the session no longer exists.
The simple solution is to change the render strategy in the Application init method:
@Override
protected void init() {
super.init();
getRequestCycleSettings().setRenderStrategy(RenderStrategy.ONE_PASS_RENDER);
}
The downside of this solution is that it suffers from the 'double submit problem' when users press the refresh button on their browser.