You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/03/05 20:57:33 UTC

[jira] [Commented] (WICKET-6317) AuthenticatedWebSession#signOut() calls twice after session invalidation

    [ https://issues.apache.org/jira/browse/WICKET-6317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15896545#comment-15896545 ] 

ASF subversion and git services commented on WICKET-6317:
---------------------------------------------------------

Commit 237a830f4f412276cc31b236d46f67cec7498dd8 in wicket's branch refs/heads/wicket-7.x from [~mgrigorov]
[ https://git-wip-us.apache.org/repos/asf?p=wicket.git;h=237a830 ]

WICKET-6317 AuthenticatedWebSession#signOut() calls twice after session invalidation

Do not call #invalidate() inside #invalidateNow() if the session is already invalidated.


> AuthenticatedWebSession#signOut() calls twice after session invalidation
> ------------------------------------------------------------------------
>
>                 Key: WICKET-6317
>                 URL: https://issues.apache.org/jira/browse/WICKET-6317
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket, wicket-auth-roles
>    Affects Versions: 7.6.0
>            Reporter: Alexey Prudnikov
>            Assignee: Martin Grigorov
>
> When the user wants to log out, I call AuthenticatedWebSession#invalidate(), which, in turn, calls AuthenticatedWebSession#signOut() and sets Session#sessionInvalidated to true.
> After that, at the end of request processing, RequestCycle#onDetach() is called, which in turn calls Session#detach(). The last method checks Session#sessionInvalidated state, and because it is true, invalidates session again with Session#invalidateNow().
> So, if I place some business logic code in #signOut() (as in example class BasicAuthenticationSession from [official guide|https://ci.apache.org/projects/wicket/guide/7.x/single.html#_using_roles_with_metadata]), this code also calls twice, which may be inappropriate in some cases.
> I know about WICKET-6228 ticket - now #invalidate() doesn't call #signOut(), and this can be solution for issue, but that changes not ported to Wicket 7 branch.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)