[WICKET-6317] AuthenticatedWebSession#signOut() calls twice after session invalidation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 7.6.0
Fix Version/s: 7.7.0, 8.0.0-M5
Component/s: wicket, wicket-auth-roles
Labels:
None

Description

When the user wants to log out, I call AuthenticatedWebSession#invalidate(), which, in turn, calls AuthenticatedWebSession#signOut() and sets Session#sessionInvalidated to true.

After that, at the end of request processing, RequestCycle#onDetach() is called, which in turn calls Session#detach(). The last method checks Session#sessionInvalidated state, and because it is true, invalidates session again with Session#invalidateNow().

So, if I place some business logic code in #signOut() (as in example class BasicAuthenticationSession from official guide), this code also calls twice, which may be inappropriate in some cases.

I know about ~~WICKET-6228~~ ticket - now #invalidate() doesn't call #signOut(), and this can be solution for issue, but that changes not ported to Wicket 7 branch.

Attachments

Activity

People

Assignee:: Martin Tzvetanov Grigorov

Reporter:: Alexey Prudnikov

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 07/Feb/17 11:39

Updated:: 05/Mar/17 20:57

Resolved:: 05/Mar/17 20:57