You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by cm...@apache.org on 2012/05/07 15:44:32 UTC
git commit: [WICKET-4512] refresh session ID instead of just
forgetting it
Updated Branches:
refs/heads/wicket-1.4.x 62c234ec4 -> ed102d329
[WICKET-4512] refresh session ID instead of just forgetting it
Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/ed102d32
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/ed102d32
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/ed102d32
Branch: refs/heads/wicket-1.4.x
Commit: ed102d329a1920392a5c3f627c539b9330e6e5e7
Parents: 62c234e
Author: Carl-Eric Menzel <cm...@wicketbuch.de>
Authored: Mon May 7 14:11:53 2012 +0200
Committer: Carl-Eric Menzel <cm...@wicketbuch.de>
Committed: Mon May 7 14:11:53 2012 +0200
----------------------------------------------------------------------
.../src/main/java/org/apache/wicket/Session.java | 15 +++++++++++----
1 files changed, 11 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/wicket/blob/ed102d32/wicket/src/main/java/org/apache/wicket/Session.java
----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/Session.java b/wicket/src/main/java/org/apache/wicket/Session.java
index fd8ef96..1dae600 100644
--- a/wicket/src/main/java/org/apache/wicket/Session.java
+++ b/wicket/src/main/java/org/apache/wicket/Session.java
@@ -1204,16 +1204,23 @@ public abstract class Session implements IClusterable
*/
protected void detach()
{
- // remove the session id in case a container like tomcat tries to be smart by doing
- // session fixation protection by changing the session id. this will simply be re-read
- // from the underlying httpsession when needed.
- id = null;
+ refreshId();
if (sessionInvalidated)
{
invalidateNow();
}
}
+ private void refreshId()
+ {
+ // refresh the session id in case a container like tomcat tries to be smart by doing
+ // session fixation protection by changing the session id.
+ // first, clear the id:
+ id = null;
+ // then re-read the id from the underlying http session:
+ getId();
+ }
+
/**
* Marks session state as dirty so that it will be flushed at the end of the request.
*/