Dirk Forchel created WICKET-6932:
------------------------------------

             Summary: WicketTester can't test HttpSession transfer
                 Key: WICKET-6932
                 URL: https://issues.apache.org/jira/browse/WICKET-6932
             Project: Wicket
          Issue Type: Improvement
          Components: wicket
    Affects Versions: 8.12.0
            Reporter: Dirk Forchel


After logging in to the Wicket Session, it is recommended to call changeSessionId() 
to prevent session fixation. Unfortunately, I can't use the WicketTester with 
the MockHttpServletRequest to test this behavior. After login, all my session 
attributes are gone due to the call of Session#invalidate(), which removes all 
attributes.
See MockHttpServletRequest#changeSessionId() and MockHttpSession#invalidate().
Actually, changing the Session Id is part of the HttpServletContainer 
implementation, but is there a way to simulate this within the Wicket framework?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
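
The two behaviours the report contrasts, as an added example that is not part of the original message and is not Wicket or Servlet API code: a session id rotation that keeps attributes, next to invalidate-and-recreate, which drops them. `FakeSession`, `registry` and the helper methods are hypothetical names; the rotation semantics assumed are those of Servlet 3.1 `HttpServletRequest#changeSessionId()`.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Hypothetical stand-in for a container's session registry; not Wicket or Servlet API code.
public class SessionIdRotationDemo {
    static final class FakeSession {
        String id = UUID.randomUUID().toString();
        final Map<String, Object> attributes = new HashMap<>();
    }
    static final Map<String, FakeSession> registry = new HashMap<>();

    static FakeSession create() {
        FakeSession s = new FakeSession();
        registry.put(s.id, s);
        return s;
    }
    // Servlet 3.1 changeSessionId() semantics: same session, new id, attributes kept.
    static String changeSessionId(FakeSession s) {
        registry.remove(s.id);               // the pre-login id must stop resolving
        s.id = UUID.randomUUID().toString();
        registry.put(s.id, s);
        return s.id;
    }
    // Invalidate-and-recreate also rotates the id, but every attribute is dropped.
    static FakeSession invalidateAndCreate(FakeSession s) {
        registry.remove(s.id);
        s.attributes.clear();
        return create();
    }
    static void check(boolean ok, String msg) {
        if (!ok) throw new AssertionError(msg);
    }
    public static void main(String[] args) {
        FakeSession a = create();
        String preLoginId = a.id;
        a.attributes.put("cart", "3 items");  // constructed sample attribute
        String newId = changeSessionId(a);
        check(!newId.equals(preLoginId), "id must change on login");
        check(!registry.containsKey(preLoginId), "old id must no longer resolve");
        check("3 items".equals(registry.get(newId).attributes.get("cart")), "attributes survive");

        FakeSession b = create();
        b.attributes.put("cart", "3 items");
        FakeSession fresh = invalidateAndCreate(b);
        check(fresh.attributes.isEmpty(), "attributes are gone after invalidate");
        System.out.println("rotation keeps attributes; invalidation drops them");
    }
}
```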