Hi,

As Bas said this means that there is another component in the page
that makes it stateful.
You can use wicket-devutils's @StatelessComponent and StatelessChecker
to find out which component is causing this.

On Tue, Apr 24, 2012 at 9:50 PM, Alfonso Quiroga <[email protected]> wrote:
> Hi, in my job we have an application, and the LoginPage is like any
> other page. The testing team reported that when you see the login
> page, a new Session is being created by wicket (they see it in
> jProfiler). I've used a StatelessForm, but the session is still being
> created.
>
> The problem is that the application will be in internet, and is VERY
> easy to attack if we create a session in the login page. The only
> workaround I am thining... is creating a plain html file (login), and
> then redirect to a wicket page. Any other solution? thanks!!

This is an option too. The only small problem here is that Wicket's
PageParameters do not parse POST parameters, so you will have to use
getRequest().getRequestParameters() in that page to read the submitted
credentials.

>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to