You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@wicket.apache.org by Martin Makundi <ma...@koodaripalvelut.com> on 2009/02/16 19:20:52 UTC

Truly killing the session

Hi!

I have found out that in order to truly have a new Session instance
(at login, for instance), the following commands are needed:
    Session.unset();
    getApplication().getSessionStore().removeAttribute(getRequest(),
Session.SESSION_ATTRIBUTE_NAME);
    getSession().replaceSession();

I am not absolutely sure which of these are exclusively necessary, but
without calling
getApplication().getSessionStore().removeAttribute(getRequest(),
Session.SESSION_ATTRIBUTE_NAME) the old Session object 'magically'
pops back up even if the replaceSession is called.

Should invalidate automatically call
getApplication().getSessionStore().removeAttribute(getRequest(),
Session.SESSION_ATTRIBUTE_NAME)

??
Martin

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org