Or get the snapshot build from or wicketstuff maven repo On 5/16/08, Erik van Oosten <[EMAIL PROTECTED]> wrote: > Chris, > > If you read the thread carefuly you can extract a quick fix. You'll need > it as the core developers argumented against a quick bugfix release. > Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket > filter). Its a pain, but if you can not wait... > > Regards, > Erik. > > > Chris Lintz wrote: >> Guys has this been resolved?? We have been having some customers complain >> as >> well (some sending screen shots of others peoples data as proof). >> Because >> our users click streams are available publically at their control, we had >> thought jsessionids occurring in the click stream were being maliciously >> hijacked. We plugged that hole disallowing any jsessionid to be part of >> url >> (via Servlet filter) - yes this of course means JavaScript must be >> enabled. >> This involuntary session sharing is still occurring. We are running >> release >> 1.3.2. >> >> >> > -- > Erik van Oosten > http://day-to-day-stuff.blogspot.com/ > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
