[WICKET-6668] Sign out the existing session if a sign in attempt has failed - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 8.4.0, 7.13.0, 9.0.0-M2
Fix Version/s: 8.5.0, 9.0.0-M2, 7.14.0
Component/s: wicket-auth-roles
Labels:
None

Description

If a user is already authenticated but still (s)he goes to the login page and tries to sign in again with invalid credentials Wicket does not fail the attempt but continues successfully.

The correct behavior would be to report the signIn failure with error feedback message and to sign out the already authenticated user.

Attachments

Activity

People

Assignee:: Martin Tzvetanov Grigorov

Reporter:: Martin Tzvetanov Grigorov

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/May/19 05:41

Updated:: 16/May/19 05:45

Resolved:: 16/May/19 05:45