Hi all,
I am fairly a newbie in wicket and would appreciate your help!
I
have a wicket application which are used on Live by more than 500
users. Now the problem which has arisen is - say User A logs on - he is
able to view details of User B. It has happened for different users and
I am trying to dig the real reason.
Here is my code details -
1) I use Hibernate to fetch 'Account' objects from backend passing on the
username/password.
2) I use
MyAppSession extends WebSession
{
private Account account;
public InboundSession(Request request)
{
super(request);
}
public void setAccount(Account account)
{
this.account = account;
}
public Account getAccount()
{
return account;
}
public boolean isUserLoggedIn()
{
return account !=null;
}
}
So
effectively I check if the Account object in session is null or not and
accordingly decide whether a user is logged in or not.
2) In Login class I pass on the username/password to HibernateAccountDao and
fetch the Account object.
Account account = accountDao.getAccount(username, password)
MyAppSession session = (MyAppSession )getSession();
session.setAccount(account);
setResponsePage(Home.class);
So effectively I fetch the accout object using hibernate and store it in wicket
session.
But I am not sure how these account objects are getting mixed up between users.
Please can someone lead me to the route cause of the issue?
Thanks in advance!
SSP
The INTERNET now has a personality. YOURS! See your Yahoo! Homepage.
http://in.yahoo.com/
