I see a lot of folks recommending this, but nobody confirming this actually helps.
Martijn On 5/17/08, Iman Rahmatizadeh <[EMAIL PROTECTED]> wrote: > Or just copy WicketFilter into your source, and fix it there, it'll override > the default. Its a quick fix until the release comes out. > > Iman > > On Fri, May 16, 2008 at 10:25 AM, Johan Compagner <[EMAIL PROTECTED]> > wrote: > > > > Or get the snapshot build from or wicketstuff maven repo > > > > On 5/16/08, Erik van Oosten <[EMAIL PROTECTED]> wrote: > > > Chris, > > > > > > If you read the thread carefuly you can extract a quick fix. You'll need > > > it as the core developers argumented against a quick bugfix release. > > > Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket > > > filter). Its a pain, but if you can not wait... > > > > > > Regards, > > > Erik. > > > > > > > > > Chris Lintz wrote: > > >> Guys has this been resolved?? We have been having some customers > > complain > > >> as > > >> well (some sending screen shots of others peoples data as proof). > > >> Because > > >> our users click streams are available publically at their control, we > > had > > >> thought jsessionids occurring in the click stream were being maliciously > > >> hijacked. We plugged that hole disallowing any jsessionid to be part of > > >> url > > >> (via Servlet filter) - yes this of course means JavaScript must be > > >> enabled. > > >> This involuntary session sharing is still occurring. We are running > > >> release > > >> 1.3.2. > > >> > > >> > > >> > > > -- > > > Erik van Oosten > > > http://day-to-day-stuff.blogspot.com/ > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > -- Buy Wicket in Action: http://manning.com/dashorst Apache Wicket 1.3.3 is released Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
