Updated Branches: refs/heads/wicket-1.4.x 62c234ec4 -> ed102d329
[WICKET-4512] refresh session ID instead of just forgetting it Project: http://git-wip-us.apache.org/repos/asf/wicket/repo Commit: http://git-wip-us.apache.org/repos/asf/wicket/commit/ed102d32 Tree: http://git-wip-us.apache.org/repos/asf/wicket/tree/ed102d32 Diff: http://git-wip-us.apache.org/repos/asf/wicket/diff/ed102d32 Branch: refs/heads/wicket-1.4.x Commit: ed102d329a1920392a5c3f627c539b9330e6e5e7 Parents: 62c234e Author: Carl-Eric Menzel <cmen...@wicketbuch.de> Authored: Mon May 7 14:11:53 2012 +0200 Committer: Carl-Eric Menzel <cmen...@wicketbuch.de> Committed: Mon May 7 14:11:53 2012 +0200 ---------------------------------------------------------------------- .../src/main/java/org/apache/wicket/Session.java | 15 +++++++++++---- 1 files changed, 11 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/wicket/blob/ed102d32/wicket/src/main/java/org/apache/wicket/Session.java ----------------------------------------------------------------------
diff --git a/wicket/src/main/java/org/apache/wicket/Session.java b/wicket/src/main/java/org/apache/wicket/Session.java
index fd8ef96..1dae600 100644
--- a/wicket/src/main/java/org/apache/wicket/Session.java
+++ b/wicket/src/main/java/org/apache/wicket/Session.java
@@ -1204,16 +1204,23 @@ public abstract class Session implements IClusterable
 */
 protected void detach()
 {
- // remove the session id in case a container like tomcat tries to be smart by doing
- // session fixation protection by changing the session id. this will simply be re-read
- // from the underlying httpsession when needed.
- id = null;
+ refreshId();
 if (sessionInvalidated)
 {
 invalidateNow();
 }
 }
 
+ private void refreshId()
+ {
+ // refresh the session id in case a container like tomcat tries to be smart by doing
+ // session fixation protection by changing the session id.
+ // first, clear the id:
+ id = null;
+ // then re-read the id from the underlying http session:
+ getId();
+ }
+
 /**
 * Marks session state as dirty so that it will be flushed at the end of the request.
 */
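Review bot: `refreshId()` runs at the top of `detach()`, before the `sessionInvalidated` check, so on the invalidation path `id` is re-read from an HTTP session that `invalidateNow()` is about to destroy. Whether `invalidateNow()` or `getId()` clears the field afterwards is not visible in this hunk; if neither does, the object keeps the identifier of a dead session where the old code left `null`. Consider refreshing only when the session survives, e.g. `if (sessionInvalidated) { invalidateNow(); } else { refreshId(); }`. The bare `getId();` call would also benefit from a comment such as `// called only for its side effect of repopulating id; return value intentionally ignored`, and `refreshId()` deserves a short Javadoc saying why the eager re-read is needed instead of the previous lazy one. The rest of the `Session` class lies outside the hunk.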