I'd try upgrading to Acegi Security 1.0.4 - looking at their release notes it looks like there's quite a few fixes concerning cookies and remember me (might be related, might not):

http://www.springframework.org/node/466

Matt

On 5/25/07, jvosloo <[EMAIL PROTECTED]> wrote:
Ok - maybe hijacking is a strong word - but here's my issue. I'm running an Appfuse 1.93 (JSF) based app. It's happened twice now that I log in as admin and then I'm all of a sudden inside another logged in user's session (the same user both times incidentally)! This is obviously a real concern - I can't have users seeing each other's data.

The only non-standard configuration change I made was to force some pages over HTTPS via the channelProcessingFilter in security.xml. The user concerned logs in using IE7 without having cookies blocked (afaik).

Any advice on this issue will be much appreciated.

View this message in context: http://www.nabble.com/Session-hijacking-issue-tf3815184s2369.html#a10800067
--
http://raibledesigns.com
