You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by cm...@apache.org on 2012/04/26 11:04:16 UTC

git commit: [WICKET-4512] don't store session id longer than needed

Updated Branches:
  refs/heads/wicket-1.4.x e84146f8c -> 5e2cf48ea


[WICKET-4512] don't store session id longer than needed


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/5e2cf48e
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/5e2cf48e
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/5e2cf48e

Branch: refs/heads/wicket-1.4.x
Commit: 5e2cf48ea6f230314d808ba37b68e84b1a97b9c7
Parents: e84146f
Author: Carl-Eric Menzel <cm...@wicketbuch.de>
Authored: Wed Apr 25 18:24:08 2012 +0200
Committer: Carl-Eric Menzel <cm...@wicketbuch.de>
Committed: Wed Apr 25 18:24:08 2012 +0200

----------------------------------------------------------------------
 .../src/main/java/org/apache/wicket/Session.java   |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/5e2cf48e/wicket/src/main/java/org/apache/wicket/Session.java
----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/Session.java b/wicket/src/main/java/org/apache/wicket/Session.java
index aa12e53..fd8ef96 100644
--- a/wicket/src/main/java/org/apache/wicket/Session.java
+++ b/wicket/src/main/java/org/apache/wicket/Session.java
@@ -1204,6 +1204,10 @@ public abstract class Session implements IClusterable
 	 */
 	protected void detach()
 	{
+		// remove the session id in case a container like tomcat tries to be smart by doing
+		// session fixation protection by changing the session id. this will simply be re-read
+		// from the underlying httpsession when needed.
+		id = null;
 		if (sessionInvalidated)
 		{
 			invalidateNow();