Re: Login page stateless??

2012-04-25 Thread Serban.Balamaci
in context: http://apache-wicket.1842946.n4.nabble.com/Login-page-stateless-tp4584483p4585721.html

Re: Login page stateless??

2012-04-25 Thread Martin Grigorov
Hi,

As Bas said, this means that there is another component in the page that makes it stateful. You can use wicket-devutils's @StatelessComponent and StatelessChecker to find out which component is causing this.

On Tue, Apr 24, 2012 at 9:50 PM, Alfonso Quiroga alfonsose...@gmail.com wrote:
> Hi,

Login page stateless??

2012-04-24 Thread Alfonso Quiroga
Hi, in my job we have an application, and the LoginPage is like any other page. The testing team reported that when you see the login page, a new Session is being created by wicket (they see it in jProfiler). I've used a StatelessForm, but the session is still being created. The problem is that

Re: Login page stateless??

2012-04-24 Thread Bas Gooren
It simply means there is another component on your login page which makes the page stateful. To find out which one, override onBeforeRender() in the login page (log is a slf4j Logger):

    @Override
    protected void onBeforeRender() {
        super.onBeforeRender();
        log.debug(

Re: Login page stateless??

2012-04-24 Thread Dan Alvizu
> The problem is that the application will be in internet, and is VERY easy to attack if we create a session in the login page

Are you worried about a session fixation attack? I just call Session#replaceSession():

http://wicket.apache.org/apidocs/1.5/org/apache/wicket/Session.html#replaceSession()
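
The Session#replaceSession() approach mentioned above, combined with the StatelessForm from the original question, as an added example that is not code from the thread or from the Wicket project. It assumes Wicket 1.5 with wicket-auth-roles and a session class extending AuthenticatedWebSession; the class name LoginPage and the component ids are hypothetical.

```java
import org.apache.wicket.Session;
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.form.PasswordTextField;
import org.apache.wicket.markup.html.form.StatelessForm;
import org.apache.wicket.markup.html.form.TextField;
import org.apache.wicket.model.Model;

// Hypothetical login page: only stateless components, so rendering it
// does not by itself require Wicket to bind an HTTP session.
public class LoginPage extends WebPage {

    public LoginPage() {
        final TextField<String> username =
                new TextField<String>("username", Model.of(""));
        final PasswordTextField password =
                new PasswordTextField("password", Model.of(""));

        StatelessForm<Void> form = new StatelessForm<Void>("loginForm") {
            @Override
            protected void onSubmit() {
                // Assumption: the application's session class extends
                // AuthenticatedWebSession and implements authenticate().
                AuthenticatedWebSession session = AuthenticatedWebSession.get();

                if (session.signIn(username.getModelObject(),
                                   password.getModelObject())) {
                    // Session fixation defence: drop the pre-login HTTP
                    // session and continue under a newly issued session id,
                    // so an id known before login is useless afterwards.
                    Session.get().replaceSession();
                    setResponsePage(getApplication().getHomePage());
                } else {
                    // Same message for unknown user and wrong password.
                    error("Invalid username or password");
                }
            }
        };

        username.setRequired(true);
        form.add(username);
        form.add(password); // PasswordTextField is required by default
        add(form);
    }
}
```

Comparing the session cookie value before and after a successful login confirms that the id was actually rotated.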