Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-5164

PageStoreManager.SessionEntry keeps outdated sessionId when container changes sessionId

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.7.0, 7.0.0-M1
    • Fix Version/s: 6.10.0, 7.0.0-M1
    • Component/s: wicket
    • Labels:
      None

      Description

      PageStoreManager keeps the initial sessionId for each SessionEntry.
      If the container changes the sessionId later (e.g. Tomcat's "Session Fixation Protection"), all pages continue to be stored under the the initial sessionId. This is necessary to be able to access old pages even after a change to the sessionId.

      However PageStoreManager#sessionExpired(String) passes the current sessionId to the PageStore. If it is not longer equal the original sessionId, the PageStore will fail to remove the stored pages for the session.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                svenmeier Sven Meier
                Reporter:
                svenmeier Sven Meier
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: