Hi Martin, but the AbstractHttpSesionStore has a SessionBindingListener which stores the session id and the Session class has an id member variable.
The getId() implementation of the Session class uses the following logic: if (id == null) id = getSessionStore().getSessionId(RequestCycle.get().getRequest(), false); After our login procedure Session.getId() is never equal to httpSession.getId() Thomas -----Ursprüngliche Nachricht----- Von: Martin Grigorov <[email protected]> Gesendet: Mi 04.04.2012 09:39 Betreff: Re: Wicket session id not up to date due to Tomcat session fixation protection An: [email protected]; > Hi Thomas, > > Wicket doesn't store anything in its session store. > It always uses the currently active http session to get the id. > See > org.apache.wicket.protocol.http.AbstractHttpSessionStore#getSessionId(Request, > boolean) > > On Wed, Apr 4, 2012 at 9:27 AM, Thomas Rohde <[email protected]> wrote: > > Hi! > > > > We are using Wicket 1.4.20 and Tomcat 7.0.21. > > > > After form based authentication (configured in web.xml) we call > wicketSession.replaceSession() in the constructor of our base page and send a > redirect to our welcome page. Due to tomcat's session fixation protection the > session id changes for some times. After rendering the welcome page the > session > id stored in wicket's session store is not equal to the JSESSIONID. > > > > Are we doing anything wrong? Any idea? > > > > Regards, > > Thomas > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > -- > Martin Grigorov > jWeekend > Training, Consulting, Development > http://jWeekend.com > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
