You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "Martin Tzvetanov Grigorov (Jira)" <ji...@apache.org> on 2021/11/08 14:29:00 UTC

[jira] [Commented] (WICKET-6932) WicketTester can't test HttpSession transfer

    [ https://issues.apache.org/jira/browse/WICKET-6932?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17440507#comment-17440507 ] 

Martin Tzvetanov Grigorov commented on WICKET-6932:
---------------------------------------------------

Please provide a failing test case that we could use to debug and implement it!

> WicketTester can't test HttpSession transfer
> --------------------------------------------
>
>                 Key: WICKET-6932
>                 URL: https://issues.apache.org/jira/browse/WICKET-6932
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket
>    Affects Versions: 8.12.0
>            Reporter: Dirk Forchel
>            Priority: Major
>
> After login into the Wicket Session it is recommended to call changeSessionId() to prevent session fixation. Unfortunately I can't use the WicketTester with the MockHttpServletRequest to test this behavior. After login all my session attributes are gone due to call of Session#invalidate() which removes all attributes.
> See MockHttpServletRequest#changeSessionId() and MockHttpSession#invalidate().
> Actually changing the Session Id is part of the HttpServletContainer implementation but is there a way to simulate this within the Wicket framework?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)