Hi! I have found out that in order to truly have a new Session instance (at login, for instance), the following commands are needed: Session.unset(); getApplication().getSessionStore().removeAttribute(getRequest(), Session.SESSION_ATTRIBUTE_NAME); getSession().replaceSession();
I am not absolutely sure which of these are exclusively necessary, but without calling getApplication().getSessionStore().removeAttribute(getRequest(), Session.SESSION_ATTRIBUTE_NAME) the old Session object 'magically' pops back up even if the replaceSession is called. Should invalidate automatically call getApplication().getSessionStore().removeAttribute(getRequest(), Session.SESSION_ATTRIBUTE_NAME) ?? Martin --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org