The workaround definitely catches some erroneous situations. Nevertheless, it is a workaround (does not solve the root problem).
2008/5/17 Martijn Dashorst <[EMAIL PROTECTED]>: > I see a lot of folks recommending this, but nobody confirming this > actually helps. > > Martijn > > On 5/17/08, Iman Rahmatizadeh <[EMAIL PROTECTED]> wrote: >> Or just copy WicketFilter into your source, and fix it there, it'll override >> the default. Its a quick fix until the release comes out. >> >> Iman >> >> On Fri, May 16, 2008 at 10:25 AM, Johan Compagner <[EMAIL PROTECTED]> >> wrote: >> >> >> > Or get the snapshot build from or wicketstuff maven repo >> > >> > On 5/16/08, Erik van Oosten <[EMAIL PROTECTED]> wrote: >> > > Chris, >> > > >> > > If you read the thread carefuly you can extract a quick fix. You'll need >> > > it as the core developers argumented against a quick bugfix release. >> > > Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket >> > > filter). Its a pain, but if you can not wait... >> > > >> > > Regards, >> > > Erik. >> > > >> > > >> > > Chris Lintz wrote: >> > >> Guys has this been resolved?? We have been having some customers >> > complain >> > >> as >> > >> well (some sending screen shots of others peoples data as proof). >> > >> Because >> > >> our users click streams are available publically at their control, we >> > had >> > >> thought jsessionids occurring in the click stream were being >> maliciously >> > >> hijacked. We plugged that hole disallowing any jsessionid to be part >> of >> > >> url >> > >> (via Servlet filter) - yes this of course means JavaScript must be >> > >> enabled. >> > >> This involuntary session sharing is still occurring. We are running >> > >> release >> > >> 1.3.2. >> > >> >> > >> >> > >> >> > > -- >> > > Erik van Oosten >> > > http://day-to-day-stuff.blogspot.com/ >> > > >> > > >> > > >> > > --------------------------------------------------------------------- >> > > To unsubscribe, e-mail: [EMAIL PROTECTED] >> > > For additional commands, e-mail: [EMAIL PROTECTED] >> > > >> > > >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: [EMAIL PROTECTED] >> > For additional commands, e-mail: [EMAIL PROTECTED] >> > >> > >> > > > -- > Buy Wicket in Action: http://manning.com/dashorst > Apache Wicket 1.3.3 is released > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]