Repository: wicket Updated Branches: refs/heads/wicket-6.x 0004c20da -> e7ab4a70e
WICKET-5775 Replace the session upon successful signin for better support for Session Fixation (cherry picked from commit 1a0953e9477d80e548431cd8eabec850c8d58ad9) Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/e7ab4a70 Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/e7ab4a70 Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/e7ab4a70 Branch: refs/heads/wicket-6.x Commit: e7ab4a70e7927ed6b5c76763823971e926298cda Parents: 0004c20 Author: Martin Tzvetanov Grigorov <[email protected]> Authored: Mon Nov 24 20:44:15 2014 +0100 Committer: Martin Tzvetanov Grigorov <[email protected]> Committed: Mon Nov 24 20:44:32 2014 +0100 ---------------------------------------------------------------------- .../wicket/authroles/authentication/AuthenticatedWebSession.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/e7ab4a70/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java ---------------------------------------------------------------------- diff --git a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java index 13c47d5..599147d 100644 --- a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java +++ b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java @@ -65,7 +65,7 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe signedIn = authenticate(username, password); if (signedIn) { - bind(); + replaceSession(); } return signedIn; }
