The session object is bound to the HttpSession, so it is as safe as Tomcat or 
whatever servlet container is running your application.

Here are some things to consider that have bit me in the butt, and have nothing 
to do with your local setup:

* Is that happening locally in your test environment?
* Does your client have caching proxies?  (do they even know?)
* Do your response headers have the "no-cache" entries?

What might be happening is the first person to log in through the caching proxy 
gets their information cached by the proxy.  The second person comes in and 
sees it.  Typically the problem has to do with poorly configured proxy servers 
and they don't properly distinguish the pages with the cache control headers 
you supply.  The only way around it is to turn off client caching completely.

-----Original Message-----
From: Soumya [mailto:soumya_...@yahoo.co.in] 
Sent: Friday, January 08, 2010 6:18 AM
To: users@wicket.apache.org
Subject: Wicket session not threadsafe?

Hi all,
I am fairly new to Wicket and would appreciate your help!

I have a Wicket application which is used live by more than 500
users. Now the problem which has arisen is: say User A logs on, he is
able to view details of User B. It has happened for different users and
I am trying to dig out the real reason.

Here is my code details -
1) I use Hibernate to fetch 'Account' objects from backend passing on the 
username/password.

2) I use 
public class MyAppSession extends WebSession
{
    // Account of the logged-in user; null until login succeeds
    private Account account;

    public MyAppSession(Request request)
    {
        super(request);
    }

    public void setAccount(Account account)
    {
        this.account = account;
    }

    public Account getAccount()
    {
        return account;
    }

    // A user counts as logged in once an Account is stored in the session
    public boolean isUserLoggedIn()
    {
        return account != null;
    }
}

So effectively I check if the Account object in session is null or not and
accordingly decide whether a user is logged in or not.

3) In Login class I pass on the username/password to HibernateAccountDao and 
fetch the Account object.
    Account account = accountDao.getAccount(username, password);
    MyAppSession session = (MyAppSession) getSession();
    session.setAccount(account);
    setResponsePage(Home.class);

So effectively I fetch the account object using Hibernate and store it in the 
Wicket session.
But I am not sure how these account objects are getting mixed up between users.

Please can someone lead me to the root cause of the issue?
 

Thanks in advance!
SSP


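The reply at the top of this thread asks whether responses carry the "no-cache" entries and recommends turning off client caching. As an added example (not code from the thread or from Wicket), a servlet filter that marks every response as uncacheable; the class name NoCacheFilter and the use of the javax.servlet API are assumptions.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter (name assumed): tells browsers and intermediate
 * proxies not to store any response, so a page rendered for one logged-in
 * user cannot be replayed from a cache to another user.
 */
public class NoCacheFilter implements Filter {

    public void init(FilterConfig config) throws ServletException {
        // no configuration needed
    }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse http = (HttpServletResponse) response;
            // Set before the chain runs so the headers are in place even if
            // the application commits the response early. Code further down
            // the chain can still overwrite them.
            // "private"  : shared caches (proxies) must not store the response
            // "no-store" : no cache, shared or not, may keep a copy
            http.setHeader("Cache-Control",
                    "private, no-store, no-cache, must-revalidate, max-age=0");
            // HTTP/1.0 intermediaries ignore Cache-Control
            http.setHeader("Pragma", "no-cache");
            // Epoch date = already expired
            http.setDateHeader("Expires", 0L);
        }
        chain.doFilter(request, response);
    }

    public void destroy() {
        // nothing to release
    }
}
```

Map the filter in web.xml ahead of the application's own filter or servlet. As the reply notes, a proxy that ignores cache-control headers will not be stopped by this.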