Thank you Sven for that clarification! Cheers, Tom
> On 24.04.2018, at 09:06, Sven Meier <[email protected]> wrote: > > Hi, > > replaceSession's javadoc says "replaces the underlying session". That matches > your observation. > > You have to call invalidatNow(). Note that this doesn't prevent the session > object from surviving, since it is still bound to the current thread. For > that you have to call ThreadContext#setSession(null). > > Have fun > Sven > > Am 23. April 2018 21:53:39 MESZ schrieb "Tom Götz" <[email protected]>: >> Hi there, >> >> one question concerning user login: what is the correct way of >> replacing the session after a successful user login? Calling >> org.apache.wicket.Session#replaceSession replaces the underlying web >> session. But what about the Wicket session itself? Will it also be >> replaced with a new instance? >> >> I observed the following: >> * user is already logged in with an active session >> * user navigates to login page >> * user logs in as a different user >> * underlying http session is replaced (by calling replaceSession after >> login) >> * but: Wicket session stays the same instance, i.e. new user uses >> existing Wicket session including it’s state (properties stored in >> custom Wicket session) >> >> Am I missing something or doing something wrong? >> >> Cheers, >> Tom >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
