SecureSessionHolder: http://pastebin.com/J891bDye

SecureSessionListener: http://pastebin.com/UBnLRLJ7

and just inside your implementation of
org.apache.wicket.authentication.AuthenticatedWebSession.authenticate(String,
String) ( or any other auth method ) call
SecureSessionHolder.addSecureSession( sessionId );



Ċ½ilvinas Vilutis

Mobile:   (+370) 652 38353
E-mail:   cika...@gmail.com


On Sun, May 9, 2010 at 6:57 PM, Fernando Wermus
<fernando.wer...@gmail.com>wrote:

> would you paste your code here? I will get a try if there is no problem.
>
> On Sat, May 8, 2010 at 9:04 PM, Zilvinas Vilutis <cika...@gmail.com>
> wrote:
>
> >
> > The problem is not in wicket, but in SwfUpload or more specific would be
> > the
> > Adobe Flash itself - which uses IE cookies in any case, even when you're
> > using FF or Chrome or Safari on Windows (
> > http://swfupload.org/forum/generaldiscussion/869 )
> >
> > Not sure how secure is it - but I've solved this in the following way:
> > - I've created a "SecureSessionHolder" static class which holds a list of
> > secure session ids
> > - Adding the secure session id to the list in "SecureSessionHolder" on
> > authentification
> > - an impl of "HttpSessionListener" to remove the session ids from the
> > static
> > list in "SecureSessionHolder" when session is destroyed
> > - in the SwfUpload servler just check if the session id ( passed as a
> > submit
> > parameter ) is in the secure session list in "SecureSessionHolder" before
> > parsing the response data
> >
> > If anybody has got any security concerns on this impl - please notify me,
> > I'll appreciate any opinions
> >
> > -----
> > --------------------
> > nothing is impossible
> > --
> > View this message in context:
> >
> http://apache-wicket.1842946.n4.nabble.com/how-to-get-some-data-from-servlet-tp1885531p2136546.html
> > Sent from the Wicket - User mailing list archive at Nabble.com.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> > For additional commands, e-mail: users-h...@wicket.apache.org
> >
> >
>
>
> --
> Fernando Wermus.
>
> www.linkedin.com/in/fernandowermus
>

Reply via email to