Repository: wicket
Updated Branches:
  refs/heads/wicket-6.x 0004c20da -> e7ab4a70e


WICKET-5775 Replace the session upon successful signin for better support for 
Session Fixation

(cherry picked from commit 1a0953e9477d80e548431cd8eabec850c8d58ad9)


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/e7ab4a70
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/e7ab4a70
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/e7ab4a70

Branch: refs/heads/wicket-6.x
Commit: e7ab4a70e7927ed6b5c76763823971e926298cda
Parents: 0004c20
Author: Martin Tzvetanov Grigorov <[email protected]>
Authored: Mon Nov 24 20:44:15 2014 +0100
Committer: Martin Tzvetanov Grigorov <[email protected]>
Committed: Mon Nov 24 20:44:32 2014 +0100

----------------------------------------------------------------------
 .../wicket/authroles/authentication/AuthenticatedWebSession.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/e7ab4a70/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
----------------------------------------------------------------------
diff --git 
a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
 
b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
index 13c47d5..599147d 100644
--- 
a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
+++ 
b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
@@ -65,7 +65,7 @@ public abstract class AuthenticatedWebSession extends 
AbstractAuthenticatedWebSe
                signedIn = authenticate(username, password);
                if (signedIn)
                {
-                       bind();
+                       replaceSession();
                }
                return signedIn;
        }

Reply via email to