[
https://issues.apache.org/jira/browse/WICKET-3576?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13016857#comment-13016857
]
Michael Day commented on WICKET-3576:
-------------------------------------
I believe this bug affects my application in that users cannot log out because
the "LoggedIn" cookie is never unset when I call session.invalidate() and then
setResponsePage().
> Cannot set a cookie on bookmarkable page
> ----------------------------------------
>
> Key: WICKET-3576
> URL: https://issues.apache.org/jira/browse/WICKET-3576
> Project: Wicket
> Issue Type: Bug
> Components: wicket-core, wicket-examples
> Affects Versions: 1.5-RC2, 1.5-RC3
> Environment: wicket-examples from rev 1086031 (March 29 2011)
> Reporter: Bertrand Guay-Paquet
> Priority: Critical
> Labels: cookie
> Attachments: setCookie_failing_test.patch
>
>
> Steps to reproduce:
> //////////////////////
> After starting the Wicket Examples, navigate directly to:
> http://localhost:8080/authentication2/wicket/bookmarkable/org.apache.wicket.examples.authentication2.SignIn2
> Sign in with proper user name and password. Notice that the cookie "LoggedIn"
> is not set.
> //////////////////////
> This does not happen if navigation to the authentication2 example is done
> through the examples home page. In that case, the URL is
> http://localhost:8080/authentication2/.
> If I understand correctly, this means that bookmarkable pages cannot set
> cookies when they also do a redirect. e.g. a bookmarkable sign-in page.
> Note that with the examples from 1.5-rc2, doing the steps described above
> produces a different result. In that case, signing-in does not set a cookie
> or actually sign-in at all. The same sign-in page is presented a second time.
> Sign-in works on this second page.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
