Steps to reproduce:
After starting the Wicket Examples, navigate directly to:
Sign in with proper user name and password. Notice that the cookie "LoggedIn" is not set.
This does not happen if navigation to the authentication2 example is done through the examples home page. In that case, the URL is http://localhost:8080/authentication2/.
If I understand correctly, this means that bookmarkable pages cannot set cookies when they also do a redirect. e.g. a bookmarkable sign-in page.
Note that with the examples from 1.5-rc2, doing the steps described above produces a different result. In that case, signing-in does not set a cookie or actually sign-in at all. The same sign-in page is presented a second time. Sign-in works on this second page.