Updated Branches: refs/heads/wicket-1.4.x e84146f8c -> 5e2cf48ea
[WICKET-4512] don't store session id longer than needed Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/5e2cf48e Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/5e2cf48e Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/5e2cf48e Branch: refs/heads/wicket-1.4.x Commit: 5e2cf48ea6f230314d808ba37b68e84b1a97b9c7 Parents: e84146f Author: Carl-Eric Menzel <cmen...@wicketbuch.de> Authored: Wed Apr 25 18:24:08 2012 +0200 Committer: Carl-Eric Menzel <cmen...@wicketbuch.de> Committed: Wed Apr 25 18:24:08 2012 +0200 ---------------------------------------------------------------------- .../src/main/java/org/apache/wicket/Session.java | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/5e2cf48e/wicket/src/main/java/org/apache/wicket/Session.java ---------------------------------------------------------------------- diff --git a/wicket/src/main/java/org/apache/wicket/Session.java b/wicket/src/main/java/org/apache/wicket/Session.java index aa12e53..fd8ef96 100644 --- a/wicket/src/main/java/org/apache/wicket/Session.java +++ b/wicket/src/main/java/org/apache/wicket/Session.java @@ -1204,6 +1204,10 @@ public abstract class Session implements IClusterable */ protected void detach() { + // remove the session id in case a container like tomcat tries to be smart by doing + // session fixation protection by changing the session id. this will simply be re-read + // from the underlying httpsession when needed. + id = null; if (sessionInvalidated) { invalidateNow();
