It is not a workaround! The wicketfilter fix is a real fix for that situation. There is no root cause or real cause that i need to fix, at least not that i know of
On 5/17/08, Martin Makundi <[EMAIL PROTECTED]> wrote: > The workaround definitely catches some erroneous situations. > Nevertheless, it is a workaround (does not solve the root problem). > > 2008/5/17 Martijn Dashorst <[EMAIL PROTECTED]>: >> I see a lot of folks recommending this, but nobody confirming this >> actually helps. >> >> Martijn >> >> On 5/17/08, Iman Rahmatizadeh <[EMAIL PROTECTED]> wrote: >>> Or just copy WicketFilter into your source, and fix it there, it'll >>> override >>> the default. Its a quick fix until the release comes out. >>> >>> Iman >>> >>> On Fri, May 16, 2008 at 10:25 AM, Johan Compagner <[EMAIL PROTECTED]> >>> wrote: >>> >>> >>> > Or get the snapshot build from or wicketstuff maven repo >>> > >>> > On 5/16/08, Erik van Oosten <[EMAIL PROTECTED]> wrote: >>> > > Chris, >>> > > >>> > > If you read the thread carefuly you can extract a quick fix. You'll >>> need >>> > > it as the core developers argumented against a quick bugfix release. >>> > > Just checkout Wicket from SVN and apply the patch (2 lines in the >>> Wicket >>> > > filter). Its a pain, but if you can not wait... >>> > > >>> > > Regards, >>> > > Erik. >>> > > >>> > > >>> > > Chris Lintz wrote: >>> > >> Guys has this been resolved?? We have been having some customers >>> > complain >>> > >> as >>> > >> well (some sending screen shots of others peoples data as proof). >>> > >> Because >>> > >> our users click streams are available publically at their control, >>> we >>> > had >>> > >> thought jsessionids occurring in the click stream were being >>> maliciously >>> > >> hijacked. We plugged that hole disallowing any jsessionid to be >>> part of >>> > >> url >>> > >> (via Servlet filter) - yes this of course means JavaScript must be >>> > >> enabled. >>> > >> This involuntary session sharing is still occurring. We are >>> running >>> > >> release >>> > >> 1.3.2. >>> > >> >>> > >> >>> > >> >>> > > -- >>> > > Erik van Oosten >>> > > http://day-to-day-stuff.blogspot.com/ >>> > > >>> > > >>> > > >>> > > >>> --------------------------------------------------------------------- >>> > > To unsubscribe, e-mail: [EMAIL PROTECTED] >>> > > For additional commands, e-mail: [EMAIL PROTECTED] >>> > > >>> > > >>> > >>> > --------------------------------------------------------------------- >>> > To unsubscribe, e-mail: [EMAIL PROTECTED] >>> > For additional commands, e-mail: [EMAIL PROTECTED] >>> > >>> > >>> >> >> >> -- >> Buy Wicket in Action: http://manning.com/dashorst >> Apache Wicket 1.3.3 is released >> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3 >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
