Haulyn, The wicket in action book has all the explanations and code you need for this.
Dealing with cookies is an implementation detail that wicket and the servlet container take care of for you. From your perspective, all you need to worry about is whether the session is authenticated or not, and whether a particular page or component requires either signed in, or "admin" only access. You could look at the javadoc for authorisedwebapplication but I can't recommend the book highly enough. Martijn and Eelco seem to have anticipated all the common questions people would ask. There are also a couple of wicketstuff projects that provide security frameworks for wicket. HTH Adrian On Thu, Oct 8, 2009 at 7:19 PM, Haulyn R. Jason <saharab...@gmail.com>wrote: > Hi, > I read some articles to find how to use session validation to protect my > application.