You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by cm...@apache.org on 2012/04/26 11:04:16 UTC
git commit: [WICKET-4512] don't store session id longer than needed
Updated Branches:
refs/heads/wicket-1.4.x e84146f8c -> 5e2cf48ea
[WICKET-4512] don't store session id longer than needed
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/5e2cf48e
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/5e2cf48e
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/5e2cf48e
Branch: refs/heads/wicket-1.4.x
Commit: 5e2cf48ea6f230314d808ba37b68e84b1a97b9c7
Parents: e84146f
Author: Carl-Eric Menzel <cm...@wicketbuch.de>
Authored: Wed Apr 25 18:24:08 2012 +0200
Committer: Carl-Eric Menzel <cm...@wicketbuch.de>
Committed: Wed Apr 25 18:24:08 2012 +0200
----------------------------------------------------------------------
.../src/main/java/org/apache/wicket/Session.java | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/5e2cf48e/wicket/src/main/java/org/apache/wicket/Session.java
----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/Session.java b/wicket/src/main/java/org/apache/wicket/Session.java
index aa12e53..fd8ef96 100644
--- a/wicket/src/main/java/org/apache/wicket/Session.java
+++ b/wicket/src/main/java/org/apache/wicket/Session.java
@@ -1204,6 +1204,10 @@ public abstract class Session implements IClusterable
*/
protected void detach()
{
+ // remove the session id in case a container like tomcat tries to be smart by doing
+ // session fixation protection by changing the session id. this will simply be re-read
+ // from the underlying httpsession when needed.
+ id = null;
if (sessionInvalidated)
{
invalidateNow();