Which means that upon logout, these values should be removed / cleared. A session does not represent a user, it is a construct to bind request, no more no less. All other usages are bolted on and should be bolted off. You don't tear down the house, just because you are moving.
Tom On 2012-06-23 10:18, Bert wrote:
But Wicket also stores the page map in the session to support back button functionality. If you only change the status, than the user could possibly (depending on how you construct your page) go back after the logout and see the last pages. This could be a problem on public computers. You could also see a session as representing a user, not a browser. Than, invalidating the session on logout makes perfect sense to me. regards
--------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
