Was this problem solved in Wicket 1.3.4? Is there a Jira issue associated with this problem?

Martin Makundi wrote:
>
> Ok. I meant the WicketServlet fix. Haven't seen the wicketFilter fix.
>
> **
> Martin
>
> 2008/5/17 Johan Compagner <jcompag...@gmail.com>:
>> It is not a workaround!
>> The wicketfilter fix is a real fix for that situation. There is no
>> root cause or real cause that I need to fix, at least not that I know
>> of
>>
>> On 5/17/08, Martin Makundi <martin.maku...@koodaripalvelut.com> wrote:
>>> The workaround definitely catches some erroneous situations.
>>> Nevertheless, it is a workaround (does not solve the root problem).
>>>
>>> 2008/5/17 Martijn Dashorst <martijn.dasho...@gmail.com>:
>>>> I see a lot of folks recommending this, but nobody confirming this
>>>> actually helps.
>>>>
>>>> Martijn
>>>>
>>>> On 5/17/08, Iman Rahmatizadeh <iman.rahmatiza...@gmail.com> wrote:
>>>>> Or just copy WicketFilter into your source, and fix it there, it'll
>>>>> override the default. It's a quick fix until the release comes out.
>>>>>
>>>>> Iman
>>>>>
>>>>> On Fri, May 16, 2008 at 10:25 AM, Johan Compagner
>>>>> <jcompag...@gmail.com> wrote:
>>>>>
>>>>> > Or get the snapshot build from or wicketstuff maven repo
>>>>> >
>>>>> > On 5/16/08, Erik van Oosten <e.vanoos...@grons.nl> wrote:
>>>>> > > Chris,
>>>>> > >
>>>>> > > If you read the thread carefully you can extract a quick fix.
>>>>> > > You'll need it as the core developers argued against a quick
>>>>> > > bugfix release. Just check out Wicket from SVN and apply the
>>>>> > > patch (2 lines in the Wicket filter). It's a pain, but if you
>>>>> > > cannot wait...
>>>>> > >
>>>>> > > Regards,
>>>>> > > Erik.
>>>>> > >
>>>>> > > Chris Lintz wrote:
>>>>> > >> Guys, has this been resolved?? We have been having some
>>>>> > >> customers complain as well (some sending screen shots of other
>>>>> > >> people's data as proof). Because our users' click streams are
>>>>> > >> available publicly at their control, we had thought
>>>>> > >> jsessionids occurring in the click stream were being
>>>>> > >> maliciously hijacked. We plugged that hole disallowing any
>>>>> > >> jsessionid to be part of URL (via Servlet filter) - yes this
>>>>> > >> of course means JavaScript must be enabled.
>>>>> > >> This involuntary session sharing is still occurring. We are
>>>>> > >> running release 1.3.2.
>>>>> > >>
>>>>> > > --
>>>>> > > Erik van Oosten
>>>>> > > http://day-to-day-stuff.blogspot.com/
>>>>> > >
>>>>> > > ---------------------------------------------------------------------
>>>>> > > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
>>>>> > > For additional commands, e-mail: users-h...@wicket.apache.org
>>>>> > >
>>>>
>>>> --
>>>> Buy Wicket in Action: http://manning.com/dashorst
>>>> Apache Wicket 1.3.3 is released
>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3
>>>>
>

--
View this message in context: http://www.nabble.com/Invoulentary-session-sharing-leakage-in-Wicket-1.3.x-tp16550360p21943432.html
Sent from the Wicket - User mailing list archive at Nabble.com.