Thanks for the reply Martin :) I guess these 2 lines should be enough: id = null; sessionInvalidated = false; dirty = false; Since this method is being used to renew session id only .... Or some other fields should be clean up?
On Sun, Dec 24, 2017 at 8:00 PM, Martin Grigorov <[email protected]> wrote: > Hi Maxim, > > What about Session#sequence ? And even Session#style and #feedbackMessages. > I do no see a problem to keep those too. > > Maybe instead of calling #destroy() replaceSession() should reset the > securiry related ones only ? > > Martin Grigorov > Wicket Training and Consulting > https://twitter.com/mtgrigorov > > On Sun, Dec 24, 2017 at 10:59 AM, Maxim Solodovnik <[email protected]> > wrote: > > > Hello All, > > > > I'm currently investigating weird behavior in our application: > > WebSocket.onClose message is not being received. > > > > What I found is: 2 pages are being created with same pageId > > > > I'm using replaceSession(); method to prevent session fuxation > > During session replacement process, pageId is being set to 0 .... > > > > Would it be OK if I'll create PR to preserve pageId inside replaceSession > > method? > > Or maybe is there any better option? > > > > -- > > WBR > > Maxim aka solomax > > > -- WBR Maxim aka solomax
