It simply means there is another component on your login page which
makes the page stateful.
To find out which one, override onBeforeRender() in the login page (log
is a slf4j Logger):
@Override
protected void onBeforeRender()
{
super.onBeforeRender();
log.debug( "Stateless? {}", getSession().isTemporary() );
if( !getSession().isTemporary() && log.isTraceEnabled() )
{
// Print which component is stateful
visitChildren( Component.class, new IVisitor<Component>()
{
@Override
public Object component( Component component )
{
if( !component.isStateless() )
{
log.trace( "+ Stateful: {}", component );
}
return CONTINUE_TRAVERSAL;
}
} );
}
}
Op 24-4-2012 20:50, schreef Alfonso Quiroga:
Hi, in my job we have an application, and the LoginPage is like any
other page. The testing team reported that when you see the login
page, a new Session is being created by wicket (they see it in
jProfiler). I've used a StatelessForm, but the session is still being
created.
The problem is that the application will be in internet, and is VERY
easy to attack if we create a session in the login page. The only
workaround I am thining... is creating a plain html file (login), and
then redirect to a wicket page. Any other solution? thanks!!
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org