You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Martin Tzvetanov Grigorov (Jira)" <ji...@apache.org> on 2021/11/08 14:29:00 UTC
[jira] [Commented] (WICKET-6932) WicketTester can't test
HttpSession transfer
[ https://issues.apache.org/jira/browse/WICKET-6932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17440507#comment-17440507 ]
Martin Tzvetanov Grigorov commented on WICKET-6932:
---------------------------------------------------
Please provide a failing test case that we could use to debug and implement it!
> WicketTester can't test HttpSession transfer
> --------------------------------------------
>
> Key: WICKET-6932
> URL: https://issues.apache.org/jira/browse/WICKET-6932
> Project: Wicket
> Issue Type: Improvement
> Components: wicket
> Affects Versions: 8.12.0
> Reporter: Dirk Forchel
> Priority: Major
>
> After login into the Wicket Session it is recommended to call changeSessionId() to prevent session fixation. Unfortunately I can't use the WicketTester with the MockHttpServletRequest to test this behavior. After login all my session attributes are gone due to call of Session#invalidate() which removes all attributes.
> See MockHttpServletRequest#changeSessionId() and MockHttpSession#invalidate().
> Actually changing the Session Id is part of the HttpServletContainer implementation but is there a way to simulate this within the Wicket framework?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)