[jira] [Created] (WICKET-6685) Session#destroy (used in replaceSession) deletes metadata

David Rain (JIRA) Mon, 08 Jul 2019 22:45:18 -0700

David Rain created WICKET-6685:
----------------------------------

             Summary: Session#destroy (used in replaceSession) deletes metadata
                 Key: WICKET-6685
                 URL: https://issues.apache.org/jira/browse/WICKET-6685
             Project: Wicket
          Issue Type: Bug
          Components: wicket
    Affects Versions: 8.0.0
         Environment: Windows 8 / JDK 8
            Reporter: David Rain



Testerd on 8.0.5.

The destroy method od Session has added some clean-up calls, e.q. metaData = 
null.

The destroy method is also called by replaceSession method. That means, that 
replaceSession deletes metadata. But metadata are used in 
KeyInSessionSunJceCryptFactory to store the crypt key. So now in Wicket 8 
calling replaceSession (quite common security practise) means that all links 
generated before get broken.

I don't think this was the intention...



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (WICKET-6685) Session#destroy (used in replaceSession) deletes metadata

Reply via email to