The problem is not in wicket, but in SwfUpload or more specific would be the
Adobe Flash itself - which uses IE cookies in any case, even when you're
using FF or Chrome or Safari on Windows ( )

Not sure how secure is it - but I've solved this in the following way:
- I've created a "SecureSessionHolder" static class which holds a list of
secure session ids
- Adding the secure session id to the list in "SecureSessionHolder" on
- an impl of "HttpSessionListener" to remove the session ids from the static
list in "SecureSessionHolder" when session is destroyed
- in the SwfUpload servler just check if the session id ( passed as a submit
parameter ) is in the secure session list in "SecureSessionHolder" before
parsing the response data

If anybody has got any security concerns on this impl - please notify me,
I'll appreciate any opinions

nothing is impossible
View this message in context:
Sent from the Wicket - User mailing list archive at

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to