[
https://issues.apache.org/jira/browse/WICKET-5164?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sven Meier updated WICKET-5164:
-------------------------------
Description:
PageStoreManager keeps the initial sessionId for each SessionEntry.
If the container changes the sessionId later (e.g. Tomcat's "Session Fixation
Protection"), all pages continue to be stored under the initial sessionId.
This is necessary to be able to access old pages even after a change to the
sessionId.
However PageStoreManager#sessionExpired(String) passes the *current* sessionId
to the PageStore. If it is no longer equal to the original sessionId, the
PageStore will fail to remove the stored pages for the session.
was: See summary.
Affects Version/s: 7.0.0
> PageStoreManager.SessionEntry keeps outdated sessionId when container changes
> sessionId
> ---------------------------------------------------------------------------------------
>
> Key: WICKET-5164
> URL: https://issues.apache.org/jira/browse/WICKET-5164
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 6.7.0, 7.0.0
> Reporter: Sven Meier
> Assignee: Sven Meier
>
> PageStoreManager keeps the initial sessionId for each SessionEntry.
> If the container changes the sessionId later (e.g. Tomcat's "Session Fixation
> Protection"), all pages continue to be stored under the initial
> sessionId. This is necessary to be able to access old pages even after a
> change to the sessionId.
> However PageStoreManager#sessionExpired(String) passes the *current*
> sessionId to the PageStore. If it is no longer equal to the original sessionId,
> the PageStore will fail to remove the stored pages for the session.
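A simplified model of the mismatch described in this issue, added here as an illustration; it is not Wicket code and not the project's fix. The class and method names are hypothetical and the session ids are constructed. It shows stored pages surviving session expiry when cleanup uses the container's current id, and being removed when cleanup uses the id the entry stored them under.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Added example: a toy model of the behaviour in WICKET-5164, not Wicket's API.
public class SessionIdMismatchDemo {
    // Stands in for the page store: serialized pages keyed by session id.
    static final Map<String, List<String>> pageStore = new HashMap<>();

    // Stands in for the per-session entry that remembers the id it was created with.
    static final class Entry {
        final String initialSessionId;

        Entry(String sessionId) {
            this.initialSessionId = sessionId;
        }

        // Pages are always filed under the initial id, even after the container rotates it.
        void storePage(String page) {
            pageStore.computeIfAbsent(initialSessionId, k -> new ArrayList<>()).add(page);
        }
    }

    // Behaviour described in the report: cleanup is keyed by the id the container reports now.
    static void expireWithCurrentId(String currentSessionId) {
        pageStore.remove(currentSessionId);
    }

    // One possible correction (assumption): cleanup is keyed by the id the entry stored under.
    static void expireWithEntryId(Entry entry) {
        pageStore.remove(entry.initialSessionId);
    }

    public static void main(String[] args) {
        Entry entry = new Entry("A1");   // constructed id issued before login
        entry.storePage("page-0");
        String currentId = "B2";         // constructed id after session fixation protection rotates it
        entry.storePage("page-1");       // still filed under the initial id

        expireWithCurrentId(currentId);  // removes nothing: no pages were ever filed under "B2"
        System.out.println("left after expiry by current id: " + pageStore.keySet());

        expireWithEntryId(entry);        // removes the pages filed under the initial id
        System.out.println("left after expiry by entry id:   " + pageStore.keySet());
    }
}
```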