That's not always feasible - in respect to user experience. Just think of some order process where e.g. you are asked to log in when doing a "checkout" (of your shopping cart).
-Tom Hielke Hoeve wrote: > Webapplications should always invalidate the wicket session before > authenticating. (use Session.get().replaceSession() ) --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
