In the wiki's documentation;
http://www.wicket-wiki.org.uk/wiki/index.php/Lifecycle
I found the following description of Servicing a Request;
1. Wicket asks the Application class to create a Session for the servlet
request. If no session exists for the incoming request, a Session object is
Does this mean that a HTTPSession is created upon a page request? Basically
I'm a little worried that if I have an application that has a security in
front of it (a login page) that a HTTPSession doesn't get created when the
user hits the login page but rather only when they are sucessfully
Where can you down wicket 2.0? I'm assuming this is a pre production release
/ build?
I agree that this is not a security issue, however a person just has to
right a simple script, say with wget to create many many session within your
application possibly causing performance and memory issues.
in 1.2 yes the session is createdBut how does your login page look like? A form with a Form component in wicket?That would mean in 1.2 a statefull page anyway.in 2.0 we have a stateless form that you can use.
johanOn 10/11/06, craigdd [EMAIL PROTECTED] wrote:
Where can you down wicket 2.0?I'm