You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by mg...@apache.org on 2014/11/24 20:44:29 UTC

wicket git commit: WICKET-5775 Replace the session upon successful signin for better support for Session Fixation

Repository: wicket
Updated Branches:
  refs/heads/master e71ba640c -> 1a0953e94


WICKET-5775 Replace the session upon successful signin for better support for Session Fixation


Project: http://git-wip-us.apache.org/repos/asf/wicket/repo
Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/1a0953e9
Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/1a0953e9
Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/1a0953e9

Branch: refs/heads/master
Commit: 1a0953e9477d80e548431cd8eabec850c8d58ad9
Parents: e71ba64
Author: Martin Tzvetanov Grigorov <mg...@apache.org>
Authored: Mon Nov 24 20:44:15 2014 +0100
Committer: Martin Tzvetanov Grigorov <mg...@apache.org>
Committed: Mon Nov 24 20:44:15 2014 +0100

----------------------------------------------------------------------
 .../wicket/authroles/authentication/AuthenticatedWebSession.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/wicket/blob/1a0953e9/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
----------------------------------------------------------------------
diff --git a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
index 1c814e9..16bf953 100644
--- a/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
+++ b/wicket-auth-roles/src/main/java/org/apache/wicket/authroles/authentication/AuthenticatedWebSession.java
@@ -65,7 +65,7 @@ public abstract class AuthenticatedWebSession extends AbstractAuthenticatedWebSe
 		signedIn = authenticate(username, password);
 		if (signedIn)
 		{
-			bind();
+			replaceSession();
 		}
 		return signedIn;
 	}