please make a jira issue for this

On Thu, Aug 7, 2008 at 2:52 PM, RUMikeP <[EMAIL PROTECTED]> wrote:
> Many thanks for the quick response.
>
> The pre-login session files in the temp filestore directory are not removed,
> even after the session timeout. All the new sessions are removed as they
> expire, but the ones that are invalidated using the patch below remain
> indefinitely.
>
> no what you see is that by default the http session store has a new window
> browser detection (new pagemap)
> It needs that because of the way pages are stored and rolled back.
>
> The DiskPageStore doesn't need that it can get all the pages back that it
> wants
> so for that the new window detection is by default not enabled.
>
> Old sessions are not cleaned up with the diskpagestore?
> What is not cleaned up?
>
> johan
>
> --
> View this message in context:
> http://www.nabble.com/How-to-protect-against-Session-Fixation-attacks--tp18734278p18869780.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
