AuthenticatedWebSession in wicket-auth-roles does thread-unsafe access to 
signedIn boolean
------------------------------------------------------------------------------------------

                 Key: WICKET-2715
                 URL: https://issues.apache.org/jira/browse/WICKET-2715
             Project: Wicket
          Issue Type: Bug
          Components: wicket-auth-roles
    Affects Versions: 1.4.6
            Reporter: Sebastiaan van Erk


Sessions in Wicket must be made thread safe.

AuthenticatedWebSession in the wicket-auth-roles project is not. It is 
currently possible that a user clicks logout and this request calls signOut() 
in one http-thread, and the next request accesses the page and gets handled via a 
different thread and still sees the old value of signedIn == true.

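The visibility problem described in the report, as an added example that is not part of the original message and is not Wicket's code. `UnsafeSession` and `SafeSession` are hypothetical stand-ins for a session holding a `signedIn` flag, and `volatile` is used here as one way to get cross-thread visibility, not as the project's fix.

```java
import java.util.function.BooleanSupplier;

public class SignedInVisibilityDemo {
    // Hypothetical session with a plain field: there is no happens-before edge
    // between signOut() on one thread and isSignedIn() on another.
    static class UnsafeSession {
        private boolean signedIn = true;
        void signOut() { signedIn = false; }
        boolean isSignedIn() { return signedIn; }
    }

    // Same session with a volatile field: a read that follows the write
    // in another thread must observe signedIn == false.
    static class SafeSession {
        private volatile boolean signedIn = true;
        void signOut() { signedIn = false; }
        boolean isSignedIn() { return signedIn; }
    }

    // Starts a "request thread" that spins while the session looks signed in,
    // signs out from the calling thread, then reports whether the reader
    // noticed the sign-out within timeoutMs.
    static boolean readerSeesSignOut(BooleanSupplier isSignedIn, Runnable signOut,
                                     long timeoutMs) throws InterruptedException {
        Thread reader = new Thread(() -> {
            while (isSignedIn.getAsBoolean()) { /* still treated as authenticated */ }
        });
        reader.setDaemon(true); // let the JVM exit even if the reader never stops
        reader.start();
        Thread.sleep(200);      // give the JIT time to compile the hot loop
        signOut.run();
        reader.join(timeoutMs);
        return !reader.isAlive();
    }

    public static void main(String[] args) throws InterruptedException {
        UnsafeSession unsafe = new UnsafeSession();
        SafeSession safe = new SafeSession();
        // Outcome is JVM-dependent for the plain field: the JIT may hoist the
        // read out of the loop, so the reader can keep seeing signedIn == true.
        System.out.println("plain field, reader saw signOut:    "
                + readerSeesSignOut(unsafe::isSignedIn, unsafe::signOut, 2000));
        // With volatile the reader is required to see the write.
        System.out.println("volatile field, reader saw signOut: "
                + readerSeesSignOut(safe::isSignedIn, safe::signOut, 2000));
    }
}
```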