[
https://issues.apache.org/jira/browse/WICKET-6685?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Grigorov updated WICKET-6685:
------------------------------------
Description:
Testerd on 8.5.0.
The destroy method of Session has added some clean-up calls, e.q. metaData =
null.
The destroy method is also called by replaceSession method. That means, that
replaceSession deletes metadata. But metadata are used in
KeyInSessionSunJceCryptFactory to store the crypt key. So now in Wicket 8
calling replaceSession (quite common security practise) means that all links
generated before get broken.
I don't think this was the intention...
was:
Testerd on 8.0.5.
The destroy method od Session has added some clean-up calls, e.q. metaData =
null.
The destroy method is also called by replaceSession method. That means, that
replaceSession deletes metadata. But metadata are used in
KeyInSessionSunJceCryptFactory to store the crypt key. So now in Wicket 8
calling replaceSession (quite common security practise) means that all links
generated before get broken.
I don't think this was the intention...
> Session#destroy (used in replaceSession) deletes metadata
> ---------------------------------------------------------
>
> Key: WICKET-6685
> URL: https://issues.apache.org/jira/browse/WICKET-6685
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 8.0.0
> Environment: Windows 8 / JDK 8
> Reporter: David Rain
> Priority: Major
>
> Testerd on 8.5.0.
> The destroy method of Session has added some clean-up calls, e.q. metaData =
> null.
> The destroy method is also called by replaceSession method. That means, that
> replaceSession deletes metadata. But metadata are used in
> KeyInSessionSunJceCryptFactory to store the crypt key. So now in Wicket 8
> calling replaceSession (quite common security practise) means that all links
> generated before get broken.
> I don't think this was the intention...
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
