Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
7.6.0
-
None
Description
When the user wants to log out, I call AuthenticatedWebSession#invalidate(), which, in turn, calls AuthenticatedWebSession#signOut() and sets Session#sessionInvalidated to true.
After that, at the end of request processing, RequestCycle#onDetach() is called, which in turn calls Session#detach(). The last method checks Session#sessionInvalidated state, and because it is true, invalidates session again with Session#invalidateNow().
So, if I place some business logic code in #signOut() (as in example class BasicAuthenticationSession from official guide), this code also calls twice, which may be inappropriate in some cases.
I know about WICKET-6228 ticket - now #invalidate() doesn't call #signOut(), and this can be solution for issue, but that changes not ported to Wicket 7 branch.