Or just copy WicketFilter into your source, and fix it there, it'll override the default. Its a quick fix until the release comes out.
Iman On Fri, May 16, 2008 at 10:25 AM, Johan Compagner <[EMAIL PROTECTED]> wrote: > Or get the snapshot build from or wicketstuff maven repo > > On 5/16/08, Erik van Oosten <[EMAIL PROTECTED]> wrote: > > Chris, > > > > If you read the thread carefuly you can extract a quick fix. You'll need > > it as the core developers argumented against a quick bugfix release. > > Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket > > filter). Its a pain, but if you can not wait... > > > > Regards, > > Erik. > > > > > > Chris Lintz wrote: > >> Guys has this been resolved?? We have been having some customers > complain > >> as > >> well (some sending screen shots of others peoples data as proof). > >> Because > >> our users click streams are available publically at their control, we > had > >> thought jsessionids occurring in the click stream were being maliciously > >> hijacked. We plugged that hole disallowing any jsessionid to be part of > >> url > >> (via Servlet filter) - yes this of course means JavaScript must be > >> enabled. > >> This involuntary session sharing is still occurring. We are running > >> release > >> 1.3.2. > >> > >> > >> > > -- > > Erik van Oosten > > http://day-to-day-stuff.blogspot.com/ > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
