Hi, in my job we have an application, and the LoginPage is like any
other page. The testing team reported that when you see the login
page, a new Session is being created by wicket (they see it in
jProfiler). I've used a StatelessForm, but the session is still being
created.

The problem is that the application will be in internet, and is VERY
easy to attack if we create a session in the login page. The only
workaround I am thining... is creating a plain html file (login), and
then redirect to a wicket page. Any other solution? thanks!!

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to