Hi, I created a little application that tests various session behaviour. I notied something interesting with Tomcat. When session is invalidated and browser sends request to Tomcat with session id in cookie (the session was invalidated), Tomcat doesn't create new session with new id, it just reuse the session id. Just to be clean about that, here is part of the log:
PersistentSessionListener.sessionCreated(), id = 94B93B22C9E1B8B2EFA96807764C12E9 PersistentSessionListener.sessionDestroyed(), id = 94B93B22C9E1B8B2EFA96807764C12E9 PersistentSessionListener.sessionCreated(), id = 94B93B22C9E1B8B2EFA96807764C12E9 Even if suprising behaviour, it is in my opinion correct. Why to generate new session id when I can reuse the already generated one? And now to the point. It seems to me that Wicket 1.1.1 is not prepared to handle this correctly, for instance the WebApplication.redirectMap contains entries, that are not valid for the new session if it has the same id. Can someone confirm this? I use JBoss 4.0.3SP1 Thanks, Jan ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Wicket-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wicket-user
