SecureSessionHolder: http://pastebin.com/J891bDye

SecureSessionListener: http://pastebin.com/UBnLRLJ7

and just inside your implementation of
org.apache.wicket.authentication.AuthenticatedWebSession.authenticate(String,
String) ( or any other auth method ) call
SecureSessionHolder.addSecureSession( sessionId );



Žilvinas Vilutis

Mobile:   (+370) 652 38353
E-mail:   cika...@gmail.com


On Sun, May 9, 2010 at 6:57 PM, Fernando Wermus
<fernando.wer...@gmail.com> wrote:

> Would you paste your code here? I will give it a try if there is no problem.
>
> On Sat, May 8, 2010 at 9:04 PM, Zilvinas Vilutis <cika...@gmail.com>
> wrote:
>
> >
> > The problem is not in Wicket, but in SwfUpload, or more specifically
> > Adobe Flash itself, which uses IE cookies in any case, even when you're
> > using FF or Chrome or Safari on Windows (
> > http://swfupload.org/forum/generaldiscussion/869 )
> >
> > Not sure how secure it is, but I've solved this in the following way:
> > - I've created a "SecureSessionHolder" static class which holds a list of
> > secure session ids
> > - Adding the secure session id to the list in "SecureSessionHolder" on
> > authentication
> > - an impl of "HttpSessionListener" to remove the session ids from the
> > static list in "SecureSessionHolder" when the session is destroyed
> > - in the SwfUpload servlet, just check if the session id ( passed as a
> > submit parameter ) is in the secure session list in "SecureSessionHolder"
> > before parsing the response data
> >
> > If anybody has got any security concerns on this impl, please notify me;
> > I'll appreciate any opinions
> >
> > -----
> > --------------------
> > nothing is impossible
>
>
> --
> Fernando Wermus.
>
> www.linkedin.com/in/fernandowermus
>
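
An added sketch of the approach described in this thread, not the poster's pastebin code (which is not reproduced on this page). Only the names `SecureSessionHolder`, `SecureSessionListener` and `addSecureSession` come from the messages; `removeSecureSession`, `isSecureSession` and `UploadGuard` are hypothetical, and the `javax.servlet` API is assumed to be on the classpath.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/** Registry of the ids of sessions that have passed authentication. */
final class SecureSessionHolder {
    // Concurrent set: login, upload and session-expiry threads all touch it.
    private static final Set<String> SECURE_IDS = ConcurrentHashMap.newKeySet();

    private SecureSessionHolder() {}

    // Called from AuthenticatedWebSession.authenticate(...) after a successful login.
    static void addSecureSession(String sessionId) {
        if (sessionId != null) SECURE_IDS.add(sessionId);
    }

    static void removeSecureSession(String sessionId) {   // hypothetical name
        if (sessionId != null) SECURE_IDS.remove(sessionId);
    }

    static boolean isSecureSession(String sessionId) {    // hypothetical name
        return sessionId != null && SECURE_IDS.contains(sessionId);
    }
}

/** Registered as a <listener> in web.xml so ids are dropped on logout or timeout. */
class SecureSessionListener implements HttpSessionListener {
    @Override
    public void sessionCreated(HttpSessionEvent se) {
        // A new session is not authenticated yet, so nothing is registered here.
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        SecureSessionHolder.removeSecureSession(se.getSession().getId());
    }
}

/** Check the upload servlet runs before it reads any of the uploaded data. */
final class UploadGuard {                                  // hypothetical helper
    private UploadGuard() {}

    // submittedSessionId is the value the Flash client sent as a submit parameter.
    static boolean isAllowed(String submittedSessionId) {
        return SecureSessionHolder.isSecureSession(submittedSessionId);
    }
}
```

With this design the submitted session id is the only credential the upload request carries, so it needs the same protection as the session cookie: HTTPS transport and no logging of the parameter. The registry is also local to one JVM, so a clustered deployment needs a shared store.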
