> Hi all, 
> 
> we currenlty facing some issues with the recreateBookmarkablePagesAfterExpiry 
> option. 
> We set this option to true, the user visits the login page and enters 
> username and password ("<input type='password'></input>"). Now the user waits 
> for the login till the session expires. Wicket forces a page recreate and 
> append the password into the url (e.G. 
> http://localhost:8080/app?user:unit:textfield=user&password:password="password";).
> This seems to be an security issue on our side. Unfortunately we can't 
> disable the recreateBookmarkablePagesAfterExpiry option due some resource 
> loading issues. 
> 
> We already thougth about what we can do to solve this issue, and it seems to 
> be possible to remove this parameter form the page parameters (which are 
> called for the rewrite url after an page expires). 
> But before we implement this workaround we want to ask you guys if you 
> already have seen this issue and if yes, if you have any better solutions? 
> 
> Thanks for your help... 

Reply via email to