I'm running Wicket 6.15, and I've noticed weird behavior when invalidating the user's session.
WebSession.get().invalidateNow(), I'm expecting
JSESSIONID session cookie to get deleted.
I've noticed that
JSESSIONID indeed gets deleted by getting an http response header that sets the cookie's expiry to 0.
I've noticed that this is not limited to the
JSESSIONID, but it also deletes all other session cookies.
Is there a way to change this behavior so that
WebSession.get().invalidateNow() only deletes
JSESSIONID cookie, and leaves other session cookies intact?