[WICKET-2715] AuthenticatedWebSession in wicket-auth-roles does thread-unsafe access to signedIn boolean - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.4.6
Fix Version/s: 1.4.7
Component/s: wicket-auth-roles
Labels:
None

Description

Sessions in Wicket must be made thread safe.

AuthenticatedWebSession in the wicket-auth-roles project is not. It is currently possible that a user clicks logout and this request calls signOut() in one http-thread, and the next request access the page and gets handled via a different thread and still sees the old value of signedIn == true.

Attachments

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Igor Vaynberg

Reporter:: Sebastiaan van Erk

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 03/Feb/10 16:04

Updated:: 05/Feb/10 02:44

Resolved:: 05/Feb/10 02:44

Agile

View on Board

AuthenticatedWebSession in wicket-auth-roles does thread-unsafe access to signedIn boolean

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment