Hi, I'm using Wicket 1.3.6 and RequestLogger.getLiveSessions to get the current sessions in my web application, but I'm experience strange behaviour when session invalidation occurs.
When the user logs out of the application, the session is invalidated. This leads to WebApplication.sessionDestroyed to be called, which removes the session from the RequestLogger.liveSessions Map and everything seems to be fine. But the execution continues and eventually RequestCycle.detach gets called, which leads to RequestLogger.requestTime. And that's where the strangest thing happens, on line 254 of RequestLogger.java the invalidated session is created again and added back to the liveSessions Map. Is this the expected behaviour? Since this ensures that the liveSessions Map includes all sessions, even the invalidated ones. And another thing, are there any downsides in keeping RequestLogger on in production environment? I'm thinking that it might hog a lot of resources, but is that the case? Regards, Taneli Korri
