wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arjun Dhar <dhar...@yahoo.com>
Subject HTTPS to HTTP invalidates Session
Date Tue, 12 Jan 2016 00:57:04 GMT
I have an admin Panel that is on HTTPS. It allows a user to preview a link
on the site on HTTP.
The problem is when doing that, when I return to the Admin Pane land perform
any Ajax request, then what I get is:
org.apache.wicket.protocol.http.PageExpiredException: Request cannot be
processed. The target page does not exist anymore.

a. The session is being invalidated. 
b. The JSESSION ID in the admin to start and the target page were the same
(surprised, since I thought from HTTPS to HTTP a new JSESSIONID should be
grated in target Window?) 

If someone can explain (a) & (b) and as a bonus any work around without
compromising security.
FOr me this is a Nice to Have not a Must have, but I need to understand
whats going on here.


Software documentation is like sex: when it is good, it is very, very good; and when it is
bad, it is still better than nothing!
View this message in context: http://apache-wicket.1842946.n4.nabble.com/HTTPS-to-HTTP-invalidates-Session-tp4673262.html
Sent from the Users forum mailing list archive at Nabble.com.

To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org

View raw message