javax.crypto.BadPaddingException on expired sessions using CryptedUrlWebRequestCodingStrategy

by fatefree

I am getting a WicketRuntimeException whenever a user clicks a session based
url after the session has expired. I noticed there was a previous thread
about this here:
http://old.nabble.com/Problem-with-Crypted-URL-to20533640.html#a20542221.

I was hoping since I upgraded my application to use the latest 1.4.3 that
this problem was solved, but I see that it is still occurring (You can
recreate it by opening a browser and starting a new session, restarting your
server, and then clicking a link - or just wait half an hour and try to
click a session link). For my application this is a pretty common scenario
since users may read bookmarkable urls leisurely and then click a modal
window link later, and instead of redirecting to the homepage with a nice
expiration message they get a hard error which clogs the logs up pretty bad.

Are there any plans to fix this, or anything I can do to prevent it while
maintaining crypted urls?

Re: javax.crypto.BadPaddingException on expired sessions using CryptedUrlWebRequestCodingStrategy

by fatefree

fatefree wrote:
> Are there any plans to fix this, or anything I can do to prevent it while
> maintaining crypted urls?

I tried to use the fix suggested in the previous thread, but it was just throwing a different exception and not really helping the situation. A temporary solution in the web application class is this:

    @Override
    protected IRequestCycleProcessor newRequestCycleProcessor() {
        return new WebRequestCycleProcessor() {
            @Override
            protected IRequestCodingStrategy newRequestCodingStrategy() {
                return new CryptedUrlWebRequestCodingStrategy(new WebRequestCodingStrategy()) {
                    // Route the two-argument error hook to the one-argument version below.
                    @Override
                    protected String onError(final Exception ex, String url) {
                        return onError(ex);
                    }

                    // Swallow the decryption error by returning null.
                    @Override
                    protected String onError(final Exception ex) {
                        return null;
                    }
                };
            }
        };
    }

With this code no exception is thrown, but on the user end nothing happens. So the link fails, there is no indication of anything happening, and a strange "random" parameter and a long value is appended to the url. It's better than the app failing I suppose, but not the best usability. It would be manageable if I could leave a session level message but I don't have any reference to a session at this point.

I'm curious if anyone else is having this problem currently; it was indicated that it was fixed in the past.
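
An added illustration (not from the thread, and not Wicket's code) of the failure discussed above: a URL token encrypted under one secret is decrypted under another, which is what happens if the URL key is tied to the session (an assumption here). The class, method names, secrets and salt are hypothetical or constructed, and the legacy cipher is used only to reproduce the padding error; an empty result lets the caller send the user to an expiry page rather than fail hard or silently return null.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.Optional;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

// Added illustration in plain JCE, not Wicket code. All names are hypothetical.
public class ExpiredCryptedUrlDemo {
    // Legacy password-based cipher, used only to reproduce the padding failure.
    static final String ALGO = "PBEWithMD5AndDES";
    static final byte[] SALT = {1, 2, 3, 4, 5, 6, 7, 8}; // constructed sample salt

    static Cipher cipher(int mode, String sessionSecret) throws GeneralSecurityException {
        SecretKey key = SecretKeyFactory.getInstance(ALGO)
                .generateSecret(new PBEKeySpec(sessionSecret.toCharArray()));
        Cipher c = Cipher.getInstance(ALGO);
        c.init(mode, key, new PBEParameterSpec(SALT, 17));
        return c;
    }

    static String encode(String query, String sessionSecret) throws GeneralSecurityException {
        byte[] ct = cipher(Cipher.ENCRYPT_MODE, sessionSecret)
                .doFinal(query.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().encodeToString(ct);
    }

    // Empty result means "link no longer valid"; the caller decides how to tell the user.
    static Optional<String> decode(String token, String sessionSecret) {
        try {
            byte[] pt = cipher(Cipher.DECRYPT_MODE, sessionSecret)
                    .doFinal(Base64.getUrlDecoder().decode(token));
            return Optional.of(new String(pt, StandardCharsets.UTF_8));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // BadPaddingException lands here: wrong key or a tampered token.
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample query string and secrets.
        String token = encode("wicket:interface=:0:link::ILinkListener::", "old-session-secret");
        System.out.println(decode(token, "old-session-secret").orElse("EXPIRED -> redirect"));
        System.out.println(decode(token, "new-session-secret").orElse("EXPIRED -> redirect"));
    }
}
```

A padding check is not an integrity check: roughly 1 in 256 wrong-key decryptions can unpad cleanly and return garbage, so the decoded value still has to be validated before it is used.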