It could be a bug or at least something that perhaps could be addressable in the library itself. The library remembers the accessed protected url and tries to redirect back to it, only your protected url is an ajax request. We could perhaps ignore XHRs but it still wouldn't result in a complete implementation. Conceivably, your page could also be unprotected but the action request is protected so it gets a bit hairy. You can always work around it though by returning a pre-defined success url. The open issue https://github.com/tynamo/tapestry-security/issues/2 is related.
Kalle On Wed, Apr 9, 2014 at 9:57 AM, George Christman <gchrist...@cardaddy.com>wrote: > Hi guys, I encountered the following behavior and I'm not sure if I'm doing > something incorrectly or if it's a bug. > > My user session expired while leaving my page open. I later came back to > the page and clicked one of my zone links. Rightfully so, it redirected me > to the login page, however once I logged in, it tried redirecting me back > to the ajax url rather than the original page url resulting in an > exception. > > Is this a bug or an improper implementation? >