Wicket AuthenticatedWebApplication do not allow to be Signed In from different accounts on the same computer

Question

I am using Wicket for an Authenticated Application , and for testing reasons , I would like to be logged in on the application with two different accounts in the same time . Even though I am trying on different browsers , even using Incognito mode , it does not work . When trying to sign in with the second user it automatically log me into the first account that I had logged in.

My authenticate method from the class that extends AuthenticatedWebSession looks like this :

    @Override
    public boolean authenticate(String username, String password) {
        User loginUser = userDao.getUser(username, HashPassword.hash(password));
        if(loginUser != null)
        {
            this.user=loginUser;
            return true;
        }

        return false;

    }

Answer 1

Check what happens at IAuthenticationStrategy#load() [1]. This is where Wicket applies the "rememberMe" functionality. I don't see how the cookie would be still there in incognito mode or different browser.

1. https://github.com/apache/wicket/blob/11e969a030007e6bd0987bba551f3cf2b6b1c4a3/wicket-core/src/main/java/org/apache/wicket/authentication/strategy/DefaultAuthenticationStrategy.java#L114