> Does this mean that a HTTPSession is created upon a page request? Basically > I'm a little worried that if I have an application that has a security in > front of it (a login page) that a HTTPSession doesn't get created when the > user hits the login page but rather only when they are sucessfully validated > via the login page.
It would never be a security concern though, only possibly an efficiency/ scalability concern. In wicket 1.2, a session is always created. In Wicket 2.0, a session is created when the first statefull page (yep, that's the opposite of a stateless page, and the default in Wicket) is rendered. > It this assumption correct? and if so is there a way to override this > functionality, say only create a session if the page being requested is not > the home page? Use stateless pages with Wicket 2.0. Eelco ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Wicket-user mailing list Wicket-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wicket-user