Hi, in my job we have an application, and the LoginPage is like any other page. The testing team reported that when you see the login page, a new Session is being created by wicket (they see it in jProfiler). I've used a StatelessForm, but the session is still being created.
The problem is that the application will be in internet, and is VERY easy to attack if we create a session in the login page. The only workaround I am thining... is creating a plain html file (login), and then redirect to a wicket page. Any other solution? thanks!! --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
