Ok. I meant the WicketServlet fix. Haven't seen the wicketFilter fix. ** Martin
2008/5/17 Johan Compagner <[EMAIL PROTECTED]>:
> It is not a workaround!
> The wicketfilter fix is a real fix for that situation. There is no
> root cause or real cause that I need to fix, at least not that I know
> of
>
> On 5/17/08, Martin Makundi <[EMAIL PROTECTED]> wrote:
>> The workaround definitely catches some erroneous situations.
>> Nevertheless, it is a workaround (does not solve the root problem).
>>
>> 2008/5/17 Martijn Dashorst <[EMAIL PROTECTED]>:
>>> I see a lot of folks recommending this, but nobody confirming this
>>> actually helps.
>>>
>>> Martijn
>>>
>>> On 5/17/08, Iman Rahmatizadeh <[EMAIL PROTECTED]> wrote:
>>>> Or just copy WicketFilter into your source, and fix it there, it'll
>>>> override the default. It's a quick fix until the release comes out.
>>>>
>>>> Iman
>>>>
>>>> On Fri, May 16, 2008 at 10:25 AM, Johan Compagner <[EMAIL PROTECTED]> wrote:
>>>>
>>>> > Or get the snapshot build from our wicketstuff maven repo
>>>> >
>>>> > On 5/16/08, Erik van Oosten <[EMAIL PROTECTED]> wrote:
>>>> > > Chris,
>>>> > >
>>>> > > If you read the thread carefully you can extract a quick fix. You'll
>>>> > > need it as the core developers argued against a quick bugfix release.
>>>> > > Just checkout Wicket from SVN and apply the patch (2 lines in the
>>>> > > Wicket filter). It's a pain, but if you can not wait...
>>>> > >
>>>> > > Regards,
>>>> > > Erik.
>>>> > >
>>>> > > Chris Lintz wrote:
>>>> > >> Guys has this been resolved?? We have been having some customers
>>>> > >> complain as well (some sending screen shots of other people's data
>>>> > >> as proof). Because our users' click streams are available publicly
>>>> > >> at their control, we had thought jsessionids occurring in the click
>>>> > >> stream were being maliciously hijacked. We plugged that hole
>>>> > >> disallowing any jsessionid to be part of url (via Servlet filter) -
>>>> > >> yes this of course means JavaScript must be enabled.
>>>> > >> This involuntary session sharing is still occurring. We are
>>>> > >> running release 1.3.2.
>>>> > >>
>>>> > > --
>>>> > > Erik van Oosten
>>>> > > http://day-to-day-stuff.blogspot.com/
>>>> > >
>>>> > > ---------------------------------------------------------------------
>>>> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>> > > For additional commands, e-mail: [EMAIL PROTECTED]
>>>>
>>> --
>>> Buy Wicket in Action: http://manning.com/dashorst
>>> Apache Wicket 1.3.3 is released
>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3
