On Fri, Feb 22, 2019 at 4:02 AM kyc <brend...@hku.hk> wrote: > I applied the SessionPerTabHttpSessionStore and SessionPerTabBehavior (by > adding cookie to session storage) in our site (ref. to > https://issues.apache.org/jira/browse/WICKET-6358 > https://github.com/martin-g/blogs/tree/master/session-per-tab > which causes the stateless login page creates new session after loading >
This project was an experiment that is not battle tested. Looking at the code of these two classes I do not see anything that will lead to binding of a new Session. These classes have logic to store and read the Wicket session from a custom attribute in the http session, but it doesn't force binding of a Session. Something else should lead to this Wicket Behavior is stateless by default: https://github.com/apache/wicket/blob/3704144b73521c6b10de5fa7864773230762e86c/wicket-core/src/main/java/org/apache/wicket/behavior/Behavior.java#L153-L160 and SessionPerTabBehavior shouldn't make the page stateful. But anyway this behavior should be applied only to authenticated pages. There is no point in using it for public/stateless pages. > -- > Sent from: > http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >
