Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-5164

PageStoreManager.SessionEntry keeps outdated sessionId when container changes sessionId

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 6.7.0, 7.0.0-M1
    • 6.10.0, 7.0.0-M1
    • wicket
    • None

    Description

      PageStoreManager keeps the initial sessionId for each SessionEntry.
      If the container changes the sessionId later (e.g. Tomcat's "Session Fixation Protection"), all pages continue to be stored under the the initial sessionId. This is necessary to be able to access old pages even after a change to the sessionId.

      However PageStoreManager#sessionExpired(String) passes the current sessionId to the PageStore. If it is not longer equal the original sessionId, the PageStore will fail to remove the stored pages for the session.

      Attachments

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. WICKET-5688 Restore the functionality an IPageManager to be able to clean all data/pages for the current session

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. WICKET-5103 Wicket session id not up to date when container changes session id

          • Major - Major loss of function.
          • Resolved

          Activity

            People

              svenmeier Sven Meier
              svenmeier Sven Meier
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: