no, nothing fancy there... anyways, I can't seem to replicate it easily now and I don't have time for further investigation.
sorry for your time and also thank you for it. i will definitely try later. On Tue, May 20, 2008 at 8:59 PM, Igor Vaynberg <[EMAIL PROTECTED]> wrote: > also, what does your code look like that creates a new instance of > session (application.newsession()) > > -igor > > On Tue, May 20, 2008 at 10:58 AM, Igor Vaynberg <[EMAIL PROTECTED]> > wrote: > > do the two users have different session ids? try printing it out from > > your authenticate method. > > > > -igor > > > > > > On Tue, May 20, 2008 at 7:59 AM, Cristi Manole <[EMAIL PROTECTED]> > wrote: > >> well, i figured it was just me... so I quit bothering you guys with > >> something that's ... just me... :) > >> > >> i'm using tomcat, no clustering. > >> > >> this is my websession class: > >> > >> package com.fx.core; > >> > >> import java.security.NoSuchAlgorithmException; > >> > >> import org.apache.commons.logging.Log; > >> import org.apache.commons.logging.LogFactory; > >> import org.apache.wicket.Request; > >> import org.apache.wicket.authentication.AuthenticatedWebApplication; > >> import org.apache.wicket.authentication.AuthenticatedWebSession; > >> import org.apache.wicket.authorization.strategies.role.Roles; > >> import org.apache.wicket.injection.web.InjectorHolder; > >> import org.apache.wicket.spring.injection.annot.SpringBean; > >> > >> import com.fx.utils.crypt.UltraPasswordHasher; > >> > >> @SuppressWarnings("serial") > >> public class WebSession extends AuthenticatedWebSession { > >> private static final Log log = LogFactory.getLog(WebSession.class); > >> > >> @SpringBean > >> private JdbcUtilizatori jdbcUtilizatori; > >> > >> private Utilizator utilizator; > >> > >> public WebSession(final AuthenticatedWebApplication application, > Request > >> request) { > >> super(request); > >> InjectorHolder.getInjector().inject(this); //don't get spring by > >> default in sessions... > >> } > >> > >> @Override > >> * public boolean authenticate(final String username, final String > >> password) { > >> if(utilizator == null) { > >> * UtilizatorDAO dao = > jdbcUtilizatori.getUtilizator(username); > >> if(dao != null) { > >> try { > >> if(new > >> UltraPasswordHasher().verifyPassword(password.getBytes(), > dao.getParola())) > >> { > >> utilizator = new Utilizator(dao.getId(), > username, > >> dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip()); > >> utilizator.addRole("AUTHENTICATED"); > >> } > >> } catch (NoSuchAlgorithmException e) { > >> log.error("ERROR:", e); > >> return false; > >> } > >> } > >> } > >> > >> return utilizator != null; > >> } > >> > >> public void logOut() { > >> utilizator = null; > >> signOut(); > >> } > >> > >> @Override > >> public Roles getRoles() { > >> if (isSignedIn()) { > >> // If the user is signed in, they have these roles > >> return new Roles((String[])utilizator.getRoles().toArray(new > >> String[0])); > >> } > >> return null; > >> } > >> > >> public Utilizator getUtilizator() { > >> return utilizator; > >> } > >> > >> public Utilizator getUtilizatorFor(String password) { > >> UtilizatorDAO dao = jdbcUtilizatori.getUtilizator(password); > >> if(dao == null) { > >> return null; > >> } else { > >> return new Utilizator(dao.getId(), dao.getUser(), > >> dao.getParola(), dao.getNume(), dao.getPrenume(), dao.getTip()); > >> } > >> } > >> } > >> > >> in dev mode, running from two stations, same network (didn't test > >> otherwise), "utilizator" is not null for the second user after the first > has > >> logged in (see bolded text above). And no matter what he puts in the > login, > >> it will get logged in with the others credential. > >> > >> *I really think I'm doing something stupid* cause this is the first time > I > >> get this and I've been developing quite a few web apps in wicket (then > again > >> i rarely develop in dev mode). > >> > >> Tks, > >> Cristi Manole > >> > >> On Tue, May 20, 2008 at 5:23 PM, Igor Vaynberg <[EMAIL PROTECTED] > > > >> wrote: > >> > >>> On Tue, May 20, 2008 at 3:55 AM, Cristi Manole <[EMAIL PROTECTED] > > > >>> wrote: > >>> > Hello, > >>> > > >>> > Today I tested an application on a number of computers (if it's > useful > >>> know > >>> > that they were in the same network). > >>> > > >>> > What I found out is that the wicket session was shared among them > when > >>> > wicket was started in dev mode. > >>> > >>> what symptoms of this did you see? does it also happen with a plain > >>> wicket-quickstart? what kind of server did you have running? what kind > >>> of cluster topology? what replication tech did you use? > >>> > >>> you cant just tell us something interesting like this and leave us > hanging! > >>> > >>> -igor > >>> > >>> > When I started the application in deploy > >>> > mode, everything was as needed - a session object was created for > each > >>> > client. > >>> > > >>> > Is this how it's suppose to work in dev mode? I'm using wicket > 1.3.2. > >>> > > >>> > Thank you, > >>> > Cristi Manole > >>> > > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: [EMAIL PROTECTED] > >>> For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >