[
https://issues.apache.org/jira/browse/WICKET-6932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17440507#comment-17440507
]
Martin Tzvetanov Grigorov commented on WICKET-6932:
---------------------------------------------------
Please provide a failing test case that we could use to debug and implement it!
> WicketTester can't test HttpSession transfer
> --------------------------------------------
>
> Key: WICKET-6932
> URL: https://issues.apache.org/jira/browse/WICKET-6932
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 8.12.0
> Reporter: Dirk Forchel
> Priority: Major
>
> After login into the Wicket Session it is recommended to call
> changeSessionId() to prevent session fixation. Unfortunately I can't use the
> WicketTester with the MockHttpServletRequest to test this behavior. After
> login all my session attributes are gone due to call of Session#invalidate()
> which removes all attributes.
> See MockHttpServletRequest#changeSessionId() and MockHttpSession#invalidate().
> Actually changing the Session Id is part of the HttpServletContainer
> implementation but is there a way to simulate this within the Wicket
> framework?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
