I'm using Wicket 1.3.6 and RequestLogger.getLiveSessions to get the current
sessions in my web application, but I'm experience strange behaviour when
session invalidation occurs.

When the user logs out of the application, the session is invalidated. This
leads to WebApplication.sessionDestroyed to be called, which removes the
session from the RequestLogger.liveSessions Map and everything seems to be

But the execution continues and eventually RequestCycle.detach gets called,
which leads to RequestLogger.requestTime. And that's where the strangest
thing happens, on line 254 of RequestLogger.java the invalidated session is
created again and added back to the liveSessions Map.

Is this the expected behaviour? Since this ensures that the liveSessions Map
includes all sessions, even the invalidated ones.

And another thing, are there any downsides in keeping RequestLogger on in
production environment? I'm thinking that it might hog a lot of resources,
but is that the case?


Taneli Korri

Reply via email to