[
https://issues.apache.org/jira/browse/WICKET-2042?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12667094#action_12667094
]
Juergen Donnerstag commented on WICKET-2042:
--------------------------------------------
For maximum security CryptedUrlWebRequestCodingStrategy creates a per-session
unique key to encrypt the querystring (see KeyInSessionSunJceCryptFactory)
instead of an application wide key. Hence a session is created for all pages.
If you want to change that you simple need to create your own ICryptFactory
implementation and register it with
application.getSecuritySettings().setCryptFactory()
> CryptedUrlWebRequestCodingStrategy produces Sessions on stateless pages
> -----------------------------------------------------------------------
>
> Key: WICKET-2042
> URL: https://issues.apache.org/jira/browse/WICKET-2042
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.4-RC1
> Environment: JDK 1.6, Tomcat 6
> Reporter: Carsten Hufe
> Priority: Minor
>
> CryptedUrlWebRequestCodingStrategy produces sessions on stateless pages, if I
> use WebRequestCodingStrategy, it does not produce sessions.
> By the way, CryptedUrlWebRequestCodingStrategy does not work correct with the
> WicketTester.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
