Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-2715

AuthenticatedWebSession in wicket-auth-roles does thread-unsafe access to signedIn boolean

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.4.6
    • 1.4.7
    • wicket-auth-roles
    • None

    Description

      Sessions in Wicket must be made thread safe.

      AuthenticatedWebSession in the wicket-auth-roles project is not. It is currently possible that a user clicks logout and this request calls signOut() in one http-thread, and the next request access the page and gets handled via a different thread and still sees the old value of signedIn == true.

      Attachments

        Activity

          People

            ivaynberg Igor Vaynberg
            sebster Sebastiaan van Erk
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: