A wicket version number would be helpful... Martijn
On Fri, Jan 8, 2010 at 12:17 PM, Soumya <[email protected]> wrote: > Hi all, > I am fairly a newbie in wicket and would appreciate your help! > > I > have a wicket application which are used on Live by more than 500 > users. Now the problem which has arisen is - say User A logs on - he is > able to view details of User B. It has happened for different users and > I am trying to dig the real reason. > > Here is my code details - > 1) I use Hibernate to fetch 'Account' objects from backend passing on the > username/password. > > 2) I use > MyAppSession extends WebSession > { > private Account account; > > public InboundSession(Request request) > { > super(request); > } > > public void setAccount(Account account) > { > this.account = account; > } > > > public Account getAccount() > { > return account; > } > > public boolean isUserLoggedIn() > { > return account !=null; > } > > } > > So > effectively I check if the Account object in session is null or not and > accordingly decide whether a user is logged in or not. > > 2) In Login class I pass on the username/password to HibernateAccountDao and > fetch the Account object. > Account account = accountDao.getAccount(username, password) > MyAppSession session = (MyAppSession )getSession(); > session.setAccount(account); > setResponsePage(Home.class); > > So effectively I fetch the accout object using hibernate and store it in > wicket session. > But I am not sure how these account objects are getting mixed up between > users. > > Please can someone lead me to the route cause of the issue? > > > Thanks in advance! > SSP > > > The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. > http://in.yahoo.com/ -- Become a Wicket expert, learn from the best: http://wicketinaction.com Apache Wicket 1.4 increases type safety for web applications Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4 --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
