> Hi all,
>
> we currenlty facing some issues with the recreateBookmarkablePagesAfterExpiry
> option.
> We set this option to true, the user visits the login page and enters
> username and password ("<input type='password'></input>"). Now the user waits
> for the login till the session expires. Wicket forces a page recreate and
> append the password into the url (e.G.
> http://localhost:8080/app?user:unit:textfield=user&password:password="password";).
> This seems to be an security issue on our side. Unfortunately we can't
> disable the recreateBookmarkablePagesAfterExpiry option due some resource
> loading issues.
>
> We already thougth about what we can do to solve this issue, and it seems to
> be possible to remove this parameter form the page parameters (which are
> called for the rewrite url after an page expires).
> But before we implement this workaround we want to ask you guys if you
> already have seen this issue and if yes, if you have any better solutions?
>
> Thanks for your help...
