wicket-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Arjun Dhar <dhar...@yahoo.com>
Subject HTTPS to HTTP invalidates Session
Date Tue, 12 Jan 2016 00:57:04 GMT
Hi,
I have an admin Panel that is on HTTPS. It allows a user to preview a link
on the site on HTTP.
The problem is when doing that, when I return to the Admin Pane land perform
any Ajax request, then what I get is:
org.apache.wicket.protocol.http.PageExpiredException: Request cannot be
processed. The target page does not exist anymore.

Observations:
a. The session is being invalidated. 
b. The JSESSION ID in the admin to start and the target page were the same
(surprised, since I thought from HTTPS to HTTP a new JSESSIONID should be
grated in target Window?) 

If someone can explain (a) & (b) and as a bonus any work around without
compromising security.
FOr me this is a Nice to Have not a Must have, but I need to understand
whats going on here.

thanks




-----
Software documentation is like sex: when it is good, it is very, very good; and when it is
bad, it is still better than nothing!
--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/HTTPS-to-HTTP-invalidates-Session-tp4673262.html
Sent from the Users forum mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org


Mime
View raw message