Hi Tom, I agree with your vision. But since Wicket is a framework around the Servlet API we call HttpSession.invalidate(). This triggers some web container internal workings and at some point Wicket is called back (see javax.servlet.http.HttpSessionListener/HttpSessionBindingListener) and Wicket clears everything that it added to this session. What happens with this session later is not our business. It may be teared down or recycled, we really don't care. Next time we need to store something in the http session we just call: httpRequest.getSession(true) and use it.
I know you use recent version of Wicket (6.x ?) and there are no pagemaps since Wicket 1.5.0 but if you find that anything leaks then it is a bug and it should be fixed. On Sat, Jun 23, 2012 at 11:31 AM, Tom Eugelink <t...@tbee.org> wrote: > Which means that upon logout, these values should be removed / cleared. A > session does not represent a user, it is a construct to bind request, no > more no less. All other usages are bolted on and should be bolted off. You > don't tear down the house, just because you are moving. > > Tom > > > On 2012-06-23 10:18, Bert wrote: >> >> But Wicket also stores the page map in the session to support back >> button functionality. If you only change the status, than the user >> could possibly (depending on how you construct your page) go back >> after the logout and see the last pages. >> >> This could be a problem on public computers. >> >> You could also see a session as representing a user, not a browser. >> Than, invalidating the session on logout makes perfect sense to me. >> >> regards >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > -- Martin Grigorov jWeekend Training, Consulting, Development http://jWeekend.com --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org