Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- 7.0.0-M5, 6.19.0
- None
- java version "1.7.0_75", Windows 7
Description
A change from Wicket 6.18.0 to Wicket 6.19.0 causes AuthenticatedWebSession.get() to return a new session with the signedIn variable set to false after a successful authentication, although during the authentication the original session sets signedIn to true.
Wicket 6.18.0
org.apache.wicket.authroles.authentication.AuthenticatedWebSession

    public final boolean signIn(final String username, final String password)
    {
        signedIn = authenticate(username, password);
        if (signedIn)
        {
            // 6.18.0: bind the current session
            bind();
        }
        return signedIn;
    }

Wicket 6.19.0

    public final boolean signIn(final String username, final String password)
    {
        signedIn = authenticate(username, password);
        if (signedIn)
        {
            // 6.19.0: replace the session instead of binding it
            replaceSession();
        }
        return signedIn;
    }
Issue Links
- is related to
  WICKET-5775 Replace the session upon successful signin for better support for Session Fixation (Resolved)
- supercedes
  WICKET-5886 NullPointerException in Session.destroy() (Resolved)
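
The symptom reported above, reduced to a plain-Java model (an added example, not Wicket code and not the project's fix): replacing the session at sign-in only helps against session fixation if the authenticated state is still present on the session bound under the new id. `Store`, `Sess`, and both `signIn...` methods are hypothetical names, and the model makes no claim about the actual cause inside Wicket.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

// Simplified model, not Wicket code: Store, Sess and both signIn variants are hypothetical.
public class SessionRotationCheck {
    static class Sess { boolean signedIn; }

    static class Store {
        final Map<String, Sess> byId = new HashMap<>();
        String create() {
            String id = UUID.randomUUID().toString();
            byId.put(id, new Sess());
            return id;
        }
        Sess get(String id) { return byId.get(id); }
    }

    // Shape of the reported symptom: the flag is set on the old object,
    // then a fresh, unauthenticated object is what later lookups return.
    static String signInLosingState(Store s, String oldId) {
        s.get(oldId).signedIn = true;
        s.byId.remove(oldId);
        return s.create();
    }

    // Intended shape: invalidate the old id and rebind the same state under a new id.
    static String signInKeepingState(Store s, String oldId) {
        Sess sess = s.byId.remove(oldId);
        sess.signedIn = true;
        String newId = UUID.randomUUID().toString();
        s.byId.put(newId, sess);
        return newId;
    }

    // Post-login invariants a regression test should assert together.
    static boolean invariantsHold(Store s, String preLoginId, String postLoginId) {
        boolean idRotated = !preLoginId.equals(postLoginId); // fixation defence
        boolean oldIdDead = s.get(preLoginId) == null;       // pre-login id is unusable
        Sess current = s.get(postLoginId);
        return idRotated && oldIdDead && current != null && current.signedIn;
    }

    public static void main(String[] args) {
        Store a = new Store(); String a0 = a.create();
        System.out.println("losing state:  " + invariantsHold(a, a0, signInLosingState(a, a0)));
        Store b = new Store(); String b0 = b.create();
        System.out.println("keeping state: " + invariantsHold(b, b0, signInKeepingState(b, b0)));
    }
}
```

Checking only that the session id changed would pass for both variants; the signed-in flag on the session retrieved after login has to be asserted as well.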