Essentially your response headers should have the following headers:

Cache-Control: no-cache, no-store
Pragma: no-cache

For more details on HTTP response headers and cache controls see this page:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

Not all proxy servers are documented, unfortunately. If your system lives in a DMZ (which it sounds like it might), then the proxy server might be within your ISP.

-----Original Message-----
From: allgo [mailto:soumya_...@yahoo.co.in]
Sent: Friday, January 08, 2010 8:44 AM
To: users@wicket.apache.org
Subject: RE: Wicket session not threadsafe?

Hi Berin,
No, the users are all from different companies and no way there would be caching on their side. User A belongs to a client X, say, working in New York, while User B may be of client Y working in Texas.
It doesn't happen in the test environment. But then that is not a multi-user environment in the true sense of the word. As hardly 3-4 people test it and we never got into that situation. For live however there are 500+ users using it every day.

"no-cache" entry? I am a bit sketchy on this one. Can you give an example?
Thanks for your help.

Loritsch, Berin C. wrote:
>
> The session object is bound to the HttpSession, so it is as safe as Tomcat
> or whatever servlet container is running your application.
>
> Here are some things to consider that have bit me in the butt, and have
> nothing to do with your local setup:
>
> * Is that happening locally in your test environment?
> * Does your client have caching proxies? (do they even know?)
> * Do your response headers have the "no-cache" entries?
>
> What might be happening is the first person to log in through the caching
> proxy gets their information cached by the proxy. The second person comes
> in and sees it. Typically the problem has to do with poorly configured
> proxy servers and they don't properly distinguish the pages with the cache
> control headers you supply. The only way around it is to turn off client
> caching completely.
>
> -----Original Message-----
> From: Soumya [mailto:soumya_...@yahoo.co.in]
> Sent: Friday, January 08, 2010 6:18 AM
> To: users@wicket.apache.org
> Subject: Wicket session not threadsafe?
>
> Hi all,
> I am fairly a newbie in wicket and would appreciate your help!
>
> I have a wicket application which is used on Live by more than 500
> users. Now the problem which has arisen is - say User A logs on - he is
> able to view details of User B. It has happened for different users and
> I am trying to dig the real reason.
>
> Here are my code details -
> 1) I use Hibernate to fetch 'Account' objects from backend passing on the
> username/password.
>
> 2) I use
> class MyAppSession extends WebSession
> {
>     private Account account;
>
>     public MyAppSession(Request request)
>     {
>         super(request);
>     }
>
>     public void setAccount(Account account)
>     {
>         this.account = account;
>     }
>
>     public Account getAccount()
>     {
>         return account;
>     }
>
>     public boolean isUserLoggedIn()
>     {
>         return account != null;
>     }
> }
>
> So effectively I check if the Account object in session is null or not and
> accordingly decide whether a user is logged in or not.
>
> 2) In Login class I pass on the username/password to HibernateAccountDao
> and fetch the Account object.
>     Account account = accountDao.getAccount(username, password);
>     MyAppSession session = (MyAppSession) getSession();
>     session.setAccount(account);
>     setResponsePage(Home.class);
>
> So effectively I fetch the account object using hibernate and store it in
> wicket session.
> But I am not sure how these account objects are getting mixed up between
> users.
>
> Please can someone lead me to the root cause of the issue?
>
> Thanks in advance!
> SSP