You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by kkee <kk...@yahoo.com> on 2011/06/22 20:51:05 UTC
wicket-auth-role "LoggedIn" cookie
In 1.5-RC4.2, wicket-auth-role sign in procedure sets a cookie called
"LoggedIn" that expires in a month. This seems to allow the user to be
signed in to the application for a month even though the session has
expired. How can i change this cookie's timeout or prevent it from being
set?
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-auth-role-LoggedIn-cookie-tp3617827p3617827.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: wicket-auth-role "LoggedIn" cookie
Posted by kkee <kk...@yahoo.com>.
Here is what I end up doing:
getSecuritySettings().setAuthenticationStrategy(new
DefaultAuthenticationStrategy("myLoggedIn") {
private CookieUtils cookieUtils;
@Override
protected CookieUtils getCookieUtils() {
if (cookieUtils == null) {
CookieDefaults cookie = new CookieDefaults();
cookie.setMaxAge(30*60); // 30 mins
cookieUtils = new CookieUtils(cookie);
}
return cookieUtils;
}
});
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/wicket-auth-role-LoggedIn-cookie-tp3617827p3619033.html
Sent from the Users forum mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org