[WICKET-5845] AuthenticatedWebSession.get() returns a new session with signedIn false - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 7.0.0-M5, 6.19.0
Fix Version/s: 6.20.0, 7.0.0-M6
Component/s: wicket-auth-roles
Labels:
None
Environment:
java version "1.7.0_75", Windows 7

Description

A change from Wicket 6.18.0 to Wicket 6.19.0 causes that after a successful authentication AuthenticatedWebSession.get() returns a new session with the signedIn variable set to false although during the authentication the original session sets signedIn to true.

Wicket 6.18.0
org.apache.wicket.authroles.authentication.AuthenticatedWebSession

public final boolean signIn(final String username, final String password)
	{
		signedIn = authenticate(username, password);
		if (signedIn)
		{
			bind();
		}
		return signedIn;
	}

Wickey 6.19.0

public final boolean signIn(final String username, final String password)
	{
		signedIn = authenticate(username, password);
		if (signedIn)
		{
			replaceSession();
		}
		return signedIn;
	}

Attachments

Issue Links

is related to

WICKET-5775 Replace the session upon successful signin for better support for Session Fixation

Resolved

supercedes

WICKET-5886 NullPointerException in Session.destroy()

Resolved

Activity

People

Assignee:: Martin Tzvetanov Grigorov

Reporter:: Jirka

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 03/Mar/15 20:32

Updated:: 19/Apr/15 12:19

Resolved:: 27/Mar/15 20:42