You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Leena <le...@yahoo.com> on 2008/05/05 12:32:18 UTC
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
What was the resolution? I am facing the same problem in my
application...using wicket 1.3.1.
Is it a problem in Wicket? If so, is there any workaround?
+Leena
Edvin Syse wrote:
>
> The problem is still there and now it is getting serious for my business.
> Would any of the core committers be willing to look at my
> application? I'll pay USD 2500 as a onetime fee for looking at this.. (Or
> name your hour-price)
>
> -- Edvin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Invoulentary-session-sharing-leakage-in-Wicket-1.3.x-tp16550360p17057591.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by rima77 <ri...@hotmail.com>.
was this problem solved in Wicket 1.3.4?
is there a jira issue associated with this problem?
Martin Makundi wrote:
>
> Ok. I meant the WicketServlet fix. Haven't seen the wicketFilter fix.
>
> **
> Martin
>
> 2008/5/17 Johan Compagner <jc...@gmail.com>:
>> It is not a workaround!
>> The wicketfilter fix is a real fix for that situation. There is no
>> root cause or real cause that i need to fix, at least not that i know
>> of
>>
>> On 5/17/08, Martin Makundi <ma...@koodaripalvelut.com> wrote:
>>> The workaround definitely catches some erroneous situations.
>>> Nevertheless, it is a workaround (does not solve the root problem).
>>>
>>> 2008/5/17 Martijn Dashorst <ma...@gmail.com>:
>>>> I see a lot of folks recommending this, but nobody confirming this
>>>> actually helps.
>>>>
>>>> Martijn
>>>>
>>>> On 5/17/08, Iman Rahmatizadeh <im...@gmail.com> wrote:
>>>>> Or just copy WicketFilter into your source, and fix it there, it'll
>>>>> override
>>>>> the default. Its a quick fix until the release comes out.
>>>>>
>>>>> Iman
>>>>>
>>>>> On Fri, May 16, 2008 at 10:25 AM, Johan Compagner
>>>>> <jc...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>
>>>>> > Or get the snapshot build from or wicketstuff maven repo
>>>>> >
>>>>> > On 5/16/08, Erik van Oosten <e....@grons.nl> wrote:
>>>>> > > Chris,
>>>>> > >
>>>>> > > If you read the thread carefuly you can extract a quick fix.
>>>>> You'll
>>>>> need
>>>>> > > it as the core developers argumented against a quick bugfix
>>>>> release.
>>>>> > > Just checkout Wicket from SVN and apply the patch (2 lines in the
>>>>> Wicket
>>>>> > > filter). Its a pain, but if you can not wait...
>>>>> > >
>>>>> > > Regards,
>>>>> > > Erik.
>>>>> > >
>>>>> > >
>>>>> > > Chris Lintz wrote:
>>>>> > >> Guys has this been resolved?? We have been having some
>>>>> customers
>>>>> > complain
>>>>> > >> as
>>>>> > >> well (some sending screen shots of others peoples data as
>>>>> proof).
>>>>> > >> Because
>>>>> > >> our users click streams are available publically at their
>>>>> control,
>>>>> we
>>>>> > had
>>>>> > >> thought jsessionids occurring in the click stream were being
>>>>> maliciously
>>>>> > >> hijacked. We plugged that hole disallowing any jsessionid to be
>>>>> part of
>>>>> > >> url
>>>>> > >> (via Servlet filter) - yes this of course means JavaScript must
>>>>> be
>>>>> > >> enabled.
>>>>> > >> This involuntary session sharing is still occurring. We are
>>>>> running
>>>>> > >> release
>>>>> > >> 1.3.2.
>>>>> > >>
>>>>> > >>
>>>>> > >>
>>>>> > > --
>>>>> > > Erik van Oosten
>>>>> > > http://day-to-day-stuff.blogspot.com/
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> > >
>>>>> ---------------------------------------------------------------------
>>>>> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> > > For additional commands, e-mail: users-help@wicket.apache.org
>>>>> > >
>>>>> > >
>>>>> >
>>>>> >
>>>>> ---------------------------------------------------------------------
>>>>> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> > For additional commands, e-mail: users-help@wicket.apache.org
>>>>> >
>>>>> >
>>>>>
>>>>
>>>>
>>>> --
>>>> Buy Wicket in Action: http://manning.com/dashorst
>>>> Apache Wicket 1.3.3 is released
>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Invoulentary-session-sharing-leakage-in-Wicket-1.3.x-tp16550360p21943432.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Martin Makundi <ma...@koodaripalvelut.com>.
Ok. I meant the WicketServlet fix. Haven't seen the wicketFilter fix.
**
Martin
2008/5/17 Johan Compagner <jc...@gmail.com>:
> It is not a workaround!
> The wicketfilter fix is a real fix for that situation. There is no
> root cause or real cause that i need to fix, at least not that i know
> of
>
> On 5/17/08, Martin Makundi <ma...@koodaripalvelut.com> wrote:
>> The workaround definitely catches some erroneous situations.
>> Nevertheless, it is a workaround (does not solve the root problem).
>>
>> 2008/5/17 Martijn Dashorst <ma...@gmail.com>:
>>> I see a lot of folks recommending this, but nobody confirming this
>>> actually helps.
>>>
>>> Martijn
>>>
>>> On 5/17/08, Iman Rahmatizadeh <im...@gmail.com> wrote:
>>>> Or just copy WicketFilter into your source, and fix it there, it'll
>>>> override
>>>> the default. Its a quick fix until the release comes out.
>>>>
>>>> Iman
>>>>
>>>> On Fri, May 16, 2008 at 10:25 AM, Johan Compagner <jc...@gmail.com>
>>>> wrote:
>>>>
>>>>
>>>> > Or get the snapshot build from or wicketstuff maven repo
>>>> >
>>>> > On 5/16/08, Erik van Oosten <e....@grons.nl> wrote:
>>>> > > Chris,
>>>> > >
>>>> > > If you read the thread carefuly you can extract a quick fix. You'll
>>>> need
>>>> > > it as the core developers argumented against a quick bugfix release.
>>>> > > Just checkout Wicket from SVN and apply the patch (2 lines in the
>>>> Wicket
>>>> > > filter). Its a pain, but if you can not wait...
>>>> > >
>>>> > > Regards,
>>>> > > Erik.
>>>> > >
>>>> > >
>>>> > > Chris Lintz wrote:
>>>> > >> Guys has this been resolved?? We have been having some customers
>>>> > complain
>>>> > >> as
>>>> > >> well (some sending screen shots of others peoples data as proof).
>>>> > >> Because
>>>> > >> our users click streams are available publically at their control,
>>>> we
>>>> > had
>>>> > >> thought jsessionids occurring in the click stream were being
>>>> maliciously
>>>> > >> hijacked. We plugged that hole disallowing any jsessionid to be
>>>> part of
>>>> > >> url
>>>> > >> (via Servlet filter) - yes this of course means JavaScript must be
>>>> > >> enabled.
>>>> > >> This involuntary session sharing is still occurring. We are
>>>> running
>>>> > >> release
>>>> > >> 1.3.2.
>>>> > >>
>>>> > >>
>>>> > >>
>>>> > > --
>>>> > > Erik van Oosten
>>>> > > http://day-to-day-stuff.blogspot.com/
>>>> > >
>>>> > >
>>>> > >
>>>> > >
>>>> ---------------------------------------------------------------------
>>>> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> > > For additional commands, e-mail: users-help@wicket.apache.org
>>>> > >
>>>> > >
>>>> >
>>>> > ---------------------------------------------------------------------
>>>> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> > For additional commands, e-mail: users-help@wicket.apache.org
>>>> >
>>>> >
>>>>
>>>
>>>
>>> --
>>> Buy Wicket in Action: http://manning.com/dashorst
>>> Apache Wicket 1.3.3 is released
>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Johan Compagner <jc...@gmail.com>.
It is not a workaround!
The wicketfilter fix is a real fix for that situation. There is no
root cause or real cause that i need to fix, at least not that i know
of
On 5/17/08, Martin Makundi <ma...@koodaripalvelut.com> wrote:
> The workaround definitely catches some erroneous situations.
> Nevertheless, it is a workaround (does not solve the root problem).
>
> 2008/5/17 Martijn Dashorst <ma...@gmail.com>:
>> I see a lot of folks recommending this, but nobody confirming this
>> actually helps.
>>
>> Martijn
>>
>> On 5/17/08, Iman Rahmatizadeh <im...@gmail.com> wrote:
>>> Or just copy WicketFilter into your source, and fix it there, it'll
>>> override
>>> the default. Its a quick fix until the release comes out.
>>>
>>> Iman
>>>
>>> On Fri, May 16, 2008 at 10:25 AM, Johan Compagner <jc...@gmail.com>
>>> wrote:
>>>
>>>
>>> > Or get the snapshot build from or wicketstuff maven repo
>>> >
>>> > On 5/16/08, Erik van Oosten <e....@grons.nl> wrote:
>>> > > Chris,
>>> > >
>>> > > If you read the thread carefuly you can extract a quick fix. You'll
>>> need
>>> > > it as the core developers argumented against a quick bugfix release.
>>> > > Just checkout Wicket from SVN and apply the patch (2 lines in the
>>> Wicket
>>> > > filter). Its a pain, but if you can not wait...
>>> > >
>>> > > Regards,
>>> > > Erik.
>>> > >
>>> > >
>>> > > Chris Lintz wrote:
>>> > >> Guys has this been resolved?? We have been having some customers
>>> > complain
>>> > >> as
>>> > >> well (some sending screen shots of others peoples data as proof).
>>> > >> Because
>>> > >> our users click streams are available publically at their control,
>>> we
>>> > had
>>> > >> thought jsessionids occurring in the click stream were being
>>> maliciously
>>> > >> hijacked. We plugged that hole disallowing any jsessionid to be
>>> part of
>>> > >> url
>>> > >> (via Servlet filter) - yes this of course means JavaScript must be
>>> > >> enabled.
>>> > >> This involuntary session sharing is still occurring. We are
>>> running
>>> > >> release
>>> > >> 1.3.2.
>>> > >>
>>> > >>
>>> > >>
>>> > > --
>>> > > Erik van Oosten
>>> > > http://day-to-day-stuff.blogspot.com/
>>> > >
>>> > >
>>> > >
>>> > >
>>> ---------------------------------------------------------------------
>>> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> > > For additional commands, e-mail: users-help@wicket.apache.org
>>> > >
>>> > >
>>> >
>>> > ---------------------------------------------------------------------
>>> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> > For additional commands, e-mail: users-help@wicket.apache.org
>>> >
>>> >
>>>
>>
>>
>> --
>> Buy Wicket in Action: http://manning.com/dashorst
>> Apache Wicket 1.3.3 is released
>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Martin Makundi <ma...@koodaripalvelut.com>.
The workaround definitely catches some erroneous situations.
Nevertheless, it is a workaround (does not solve the root problem).
2008/5/17 Martijn Dashorst <ma...@gmail.com>:
> I see a lot of folks recommending this, but nobody confirming this
> actually helps.
>
> Martijn
>
> On 5/17/08, Iman Rahmatizadeh <im...@gmail.com> wrote:
>> Or just copy WicketFilter into your source, and fix it there, it'll override
>> the default. Its a quick fix until the release comes out.
>>
>> Iman
>>
>> On Fri, May 16, 2008 at 10:25 AM, Johan Compagner <jc...@gmail.com>
>> wrote:
>>
>>
>> > Or get the snapshot build from or wicketstuff maven repo
>> >
>> > On 5/16/08, Erik van Oosten <e....@grons.nl> wrote:
>> > > Chris,
>> > >
>> > > If you read the thread carefuly you can extract a quick fix. You'll need
>> > > it as the core developers argumented against a quick bugfix release.
>> > > Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket
>> > > filter). Its a pain, but if you can not wait...
>> > >
>> > > Regards,
>> > > Erik.
>> > >
>> > >
>> > > Chris Lintz wrote:
>> > >> Guys has this been resolved?? We have been having some customers
>> > complain
>> > >> as
>> > >> well (some sending screen shots of others peoples data as proof).
>> > >> Because
>> > >> our users click streams are available publically at their control, we
>> > had
>> > >> thought jsessionids occurring in the click stream were being maliciously
>> > >> hijacked. We plugged that hole disallowing any jsessionid to be part of
>> > >> url
>> > >> (via Servlet filter) - yes this of course means JavaScript must be
>> > >> enabled.
>> > >> This involuntary session sharing is still occurring. We are running
>> > >> release
>> > >> 1.3.2.
>> > >>
>> > >>
>> > >>
>> > > --
>> > > Erik van Oosten
>> > > http://day-to-day-stuff.blogspot.com/
>> > >
>> > >
>> > >
>> > > ---------------------------------------------------------------------
>> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> > > For additional commands, e-mail: users-help@wicket.apache.org
>> > >
>> > >
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> > For additional commands, e-mail: users-help@wicket.apache.org
>> >
>> >
>>
>
>
> --
> Buy Wicket in Action: http://manning.com/dashorst
> Apache Wicket 1.3.3 is released
> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Martijn Dashorst <ma...@gmail.com>.
I see a lot of folks recommending this, but nobody confirming this
actually helps.
Martijn
On 5/17/08, Iman Rahmatizadeh <im...@gmail.com> wrote:
> Or just copy WicketFilter into your source, and fix it there, it'll override
> the default. Its a quick fix until the release comes out.
>
> Iman
>
> On Fri, May 16, 2008 at 10:25 AM, Johan Compagner <jc...@gmail.com>
> wrote:
>
>
> > Or get the snapshot build from or wicketstuff maven repo
> >
> > On 5/16/08, Erik van Oosten <e....@grons.nl> wrote:
> > > Chris,
> > >
> > > If you read the thread carefuly you can extract a quick fix. You'll need
> > > it as the core developers argumented against a quick bugfix release.
> > > Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket
> > > filter). Its a pain, but if you can not wait...
> > >
> > > Regards,
> > > Erik.
> > >
> > >
> > > Chris Lintz wrote:
> > >> Guys has this been resolved?? We have been having some customers
> > complain
> > >> as
> > >> well (some sending screen shots of others peoples data as proof).
> > >> Because
> > >> our users click streams are available publically at their control, we
> > had
> > >> thought jsessionids occurring in the click stream were being maliciously
> > >> hijacked. We plugged that hole disallowing any jsessionid to be part of
> > >> url
> > >> (via Servlet filter) - yes this of course means JavaScript must be
> > >> enabled.
> > >> This involuntary session sharing is still occurring. We are running
> > >> release
> > >> 1.3.2.
> > >>
> > >>
> > >>
> > > --
> > > Erik van Oosten
> > > http://day-to-day-stuff.blogspot.com/
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > > For additional commands, e-mail: users-help@wicket.apache.org
> > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
--
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.3 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Martijn Dashorst <ma...@gmail.com>.
Has this fix been confirmed to help? If so, I'm +1 for releasing 1.3.4
Martijn
On 5/16/08, Johan Compagner <jc...@gmail.com> wrote:
> Or get the snapshot build from or wicketstuff maven repo
>
>
> On 5/16/08, Erik van Oosten <e....@grons.nl> wrote:
> > Chris,
> >
> > If you read the thread carefuly you can extract a quick fix. You'll need
> > it as the core developers argumented against a quick bugfix release.
> > Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket
> > filter). Its a pain, but if you can not wait...
> >
> > Regards,
> > Erik.
> >
> >
> > Chris Lintz wrote:
> >> Guys has this been resolved?? We have been having some customers complain
> >> as
> >> well (some sending screen shots of others peoples data as proof).
> >> Because
> >> our users click streams are available publically at their control, we had
> >> thought jsessionids occurring in the click stream were being maliciously
> >> hijacked. We plugged that hole disallowing any jsessionid to be part of
> >> url
> >> (via Servlet filter) - yes this of course means JavaScript must be
> >> enabled.
> >> This involuntary session sharing is still occurring. We are running
> >> release
> >> 1.3.2.
> >>
> >>
> >>
> > --
> > Erik van Oosten
> > http://day-to-day-stuff.blogspot.com/
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.3 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Iman Rahmatizadeh <im...@gmail.com>.
Or just copy WicketFilter into your source, and fix it there, it'll override
the default. Its a quick fix until the release comes out.
Iman
On Fri, May 16, 2008 at 10:25 AM, Johan Compagner <jc...@gmail.com>
wrote:
> Or get the snapshot build from or wicketstuff maven repo
>
> On 5/16/08, Erik van Oosten <e....@grons.nl> wrote:
> > Chris,
> >
> > If you read the thread carefuly you can extract a quick fix. You'll need
> > it as the core developers argumented against a quick bugfix release.
> > Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket
> > filter). Its a pain, but if you can not wait...
> >
> > Regards,
> > Erik.
> >
> >
> > Chris Lintz wrote:
> >> Guys has this been resolved?? We have been having some customers
> complain
> >> as
> >> well (some sending screen shots of others peoples data as proof).
> >> Because
> >> our users click streams are available publically at their control, we
> had
> >> thought jsessionids occurring in the click stream were being maliciously
> >> hijacked. We plugged that hole disallowing any jsessionid to be part of
> >> url
> >> (via Servlet filter) - yes this of course means JavaScript must be
> >> enabled.
> >> This involuntary session sharing is still occurring. We are running
> >> release
> >> 1.3.2.
> >>
> >>
> >>
> > --
> > Erik van Oosten
> > http://day-to-day-stuff.blogspot.com/
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Johan Compagner <jc...@gmail.com>.
Or get the snapshot build from or wicketstuff maven repo
On 5/16/08, Erik van Oosten <e....@grons.nl> wrote:
> Chris,
>
> If you read the thread carefuly you can extract a quick fix. You'll need
> it as the core developers argumented against a quick bugfix release.
> Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket
> filter). Its a pain, but if you can not wait...
>
> Regards,
> Erik.
>
>
> Chris Lintz wrote:
>> Guys has this been resolved?? We have been having some customers complain
>> as
>> well (some sending screen shots of others peoples data as proof).
>> Because
>> our users click streams are available publically at their control, we had
>> thought jsessionids occurring in the click stream were being maliciously
>> hijacked. We plugged that hole disallowing any jsessionid to be part of
>> url
>> (via Servlet filter) - yes this of course means JavaScript must be
>> enabled.
>> This involuntary session sharing is still occurring. We are running
>> release
>> 1.3.2.
>>
>>
>>
> --
> Erik van Oosten
> http://day-to-day-stuff.blogspot.com/
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Eelco Hillenius <ee...@gmail.com>.
On Mon, May 5, 2008 at 8:20 AM, Iman Rahmatizadeh
<im...@gmail.com> wrote:
> I'm also experiencing this with jetty. Is everybody else the same ?
It would be great if we would have this reproducible as a test case or
something. I created wicket-threadtest in the past because we needed
to reproduce similar problems. If someone would pick up writing a
similar test (or even a patch on wicket-threadtest), we'd be more
certain that once we found the problem we fix it properly.
Eelco
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Iman Rahmatizadeh <im...@gmail.com>.
I'm also experiencing this with jetty. Is everybody else the same ?
Iman
On Mon, May 5, 2008 at 6:09 PM, Johan Compagner <jc...@gmail.com>
wrote:
> it was really a pretty rare exception
>
> 285154 [btpool0-9] ERROR org.mortbay.log - /undefined
> java.lang.IllegalStateException: STREAM
> at org.mortbay.jetty.Response.getWriter(Response.java:585)
> at
> org.apache.wicket.protocol.http.WebResponse.write(WebResponse.java:355)
> at org.apache.wicket.protocol.http.BufferedWebResponse.close
> (BufferedWebResponse.java:73)
> at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter
> .java:371)
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter
> .java:194)
> at
>
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>
> i have no idea how this exception can happen.
> It seems that there is already streamed something but then close does find
> also some stuff and wants to write it..
>
> That did result in an exception on close() so the unset wasnt called.
>
> johan
>
>
>
> On Mon, May 5, 2008 at 3:34 PM, Erik van Oosten <e....@grons.nl>
> wrote:
>
> > Isn't this problem serious enough to release 1.3.4?
> >
> > Regards,
> > Erik.
> >
> >
> > Johan Compagner wrote:
> > > the only thing we found was the finalize block that could be skipped
> > because
> > > of an exception again in that block
> > >
> > > That is fixed in current 1.3.x branch (and 1.4)
> > >
> > >
> >
> > --
> > Erik van Oosten
> > http://day-to-day-stuff.blogspot.com/
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Erik van Oosten <e....@grons.nl>.
Chris,
If you read the thread carefuly you can extract a quick fix. You'll need
it as the core developers argumented against a quick bugfix release.
Just checkout Wicket from SVN and apply the patch (2 lines in the Wicket
filter). Its a pain, but if you can not wait...
Regards,
Erik.
Chris Lintz wrote:
> Guys has this been resolved?? We have been having some customers complain as
> well (some sending screen shots of others peoples data as proof). Because
> our users click streams are available publically at their control, we had
> thought jsessionids occurring in the click stream were being maliciously
> hijacked. We plugged that hole disallowing any jsessionid to be part of url
> (via Servlet filter) - yes this of course means JavaScript must be enabled.
> This involuntary session sharing is still occurring. We are running release
> 1.3.2.
>
>
>
--
Erik van Oosten
http://day-to-day-stuff.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Chris Lintz <ch...@gmail.com>.
Guys has this been resolved?? We have been having some customers complain as
well (some sending screen shots of others peoples data as proof). Because
our users click streams are available publically at their control, we had
thought jsessionids occurring in the click stream were being maliciously
hijacked. We plugged that hole disallowing any jsessionid to be part of url
(via Servlet filter) - yes this of course means JavaScript must be enabled.
This involuntary session sharing is still occurring. We are running release
1.3.2.
Johan Compagner wrote:
>
> I know all that, but i dont know how this could happen in wicket. I
> think it is user code because if you have a bufferedresponse that has
> a string buffer filled then it is very strange that the output stream
> is already used, i am very curios how both can be used by wicket in
> the same request, wicket only uses outputstream itself for resources
> and a redirect to buffer (the actual redirect) the last part this
> really cant happen because there shouldnt be anything in the response.
>
> The first part cant also happen because we dont render a page or
> something if a resource request target is the response target..
>
> So it seems to me that that it is usercode that writes directly to the
> stream and let wicket still do something
>
>
> On 5/5/08, lars vonk <la...@gmail.com> wrote:
>> Hi Johan,
>>
>> This exception occurs if you obtained the servletresponse via the
>> ServletResponse.getOutputStream() and are *trying *to obtained the writer
>> via ServletResponse.getWriter() at the same time. According to the
>> javadoc
>> of ServletRespone you can either use getOutputStream or getWriter to
>> write
>> the body:
>>
>> Either this method or {@link #getOutputStream} may be called to write the
>> > body, not both.
>> >
>>
>> Jetty tracks this using an inner flag. This flag is only reset on the
>> ServletResponse.reset() method, which I believe is called at the end of
>> the
>> servletrequestcycle.
>>
>> If I look at Wicket's the WebResponse class I see several
>> ServletResponse.getWriter *and* ServletResponse.getOutputStream calls.
>> You
>> can't mix those two when writing the servletresponse.
>>
>> Maybe this helps with tracking where it goes wrong.
>>
>> Cheers Lars
>>
>> PS. The exception would have been IllegalStateException("WRITER') if you
>> obtained the ServletResponse.getWriter() and are *trying* to obtain the
>> ServletResponse.getOutputStream at the same time.
>>
>> On Mon, May 5, 2008 at 4:39 PM, Johan Compagner <jc...@gmail.com>
>> wrote:
>>
>> > it was really a pretty rare exception
>> >
>> > 285154 [btpool0-9] ERROR org.mortbay.log - /undefined
>> > java.lang.IllegalStateException: STREAM
>> > at org.mortbay.jetty.Response.getWriter(Response.java:585)
>> > at
>> > org.apache.wicket.protocol.http.WebResponse.write(WebResponse.java:355)
>> > at org.apache.wicket.protocol.http.BufferedWebResponse.close
>> > (BufferedWebResponse.java:73)
>> > at
>> org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter
>> > .java:371)
>> > at
>> > org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter
>> > .java:194)
>> > at
>> >
>> >
>> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>> >
>> > i have no idea how this exception can happen.
>> > It seems that there is already streamed something but then close does
>> find
>> > also some stuff and wants to write it..
>> >
>> > That did result in an exception on close() so the unset wasnt called.
>> >
>> > johan
>> >
>> >
>> >
>> > On Mon, May 5, 2008 at 3:34 PM, Erik van Oosten <e....@grons.nl>
>> > wrote:
>> >
>> > > Isn't this problem serious enough to release 1.3.4?
>> > >
>> > > Regards,
>> > > Erik.
>> > >
>> > >
>> > > Johan Compagner wrote:
>> > > > the only thing we found was the finalize block that could be
>> skipped
>> > > because
>> > > > of an exception again in that block
>> > > >
>> > > > That is fixed in current 1.3.x branch (and 1.4)
>> > > >
>> > > >
>> > >
>> > > --
>> > > Erik van Oosten
>> > > http://day-to-day-stuff.blogspot.com/
>> > >
>> > >
>> > >
>> > > ---------------------------------------------------------------------
>> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> > > For additional commands, e-mail: users-help@wicket.apache.org
>> > >
>> > >
>> >
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://www.nabble.com/Invoulentary-session-sharing-leakage-in-Wicket-1.3.x-tp16550360p17266484.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Johan Compagner <jc...@gmail.com>.
I know all that, but i dont know how this could happen in wicket. I
think it is user code because if you have a bufferedresponse that has
a string buffer filled then it is very strange that the output stream
is already used, i am very curios how both can be used by wicket in
the same request, wicket only uses outputstream itself for resources
and a redirect to buffer (the actual redirect) the last part this
really cant happen because there shouldnt be anything in the response.
The first part cant also happen because we dont render a page or
something if a resource request target is the response target..
So it seems to me that that it is usercode that writes directly to the
stream and let wicket still do something
On 5/5/08, lars vonk <la...@gmail.com> wrote:
> Hi Johan,
>
> This exception occurs if you obtained the servletresponse via the
> ServletResponse.getOutputStream() and are *trying *to obtained the writer
> via ServletResponse.getWriter() at the same time. According to the javadoc
> of ServletRespone you can either use getOutputStream or getWriter to write
> the body:
>
> Either this method or {@link #getOutputStream} may be called to write the
> > body, not both.
> >
>
> Jetty tracks this using an inner flag. This flag is only reset on the
> ServletResponse.reset() method, which I believe is called at the end of the
> servletrequestcycle.
>
> If I look at Wicket's the WebResponse class I see several
> ServletResponse.getWriter *and* ServletResponse.getOutputStream calls. You
> can't mix those two when writing the servletresponse.
>
> Maybe this helps with tracking where it goes wrong.
>
> Cheers Lars
>
> PS. The exception would have been IllegalStateException("WRITER') if you
> obtained the ServletResponse.getWriter() and are *trying* to obtain the
> ServletResponse.getOutputStream at the same time.
>
> On Mon, May 5, 2008 at 4:39 PM, Johan Compagner <jc...@gmail.com>
> wrote:
>
> > it was really a pretty rare exception
> >
> > 285154 [btpool0-9] ERROR org.mortbay.log - /undefined
> > java.lang.IllegalStateException: STREAM
> > at org.mortbay.jetty.Response.getWriter(Response.java:585)
> > at
> > org.apache.wicket.protocol.http.WebResponse.write(WebResponse.java:355)
> > at org.apache.wicket.protocol.http.BufferedWebResponse.close
> > (BufferedWebResponse.java:73)
> > at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter
> > .java:371)
> > at
> > org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter
> > .java:194)
> > at
> >
> >
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
> >
> > i have no idea how this exception can happen.
> > It seems that there is already streamed something but then close does find
> > also some stuff and wants to write it..
> >
> > That did result in an exception on close() so the unset wasnt called.
> >
> > johan
> >
> >
> >
> > On Mon, May 5, 2008 at 3:34 PM, Erik van Oosten <e....@grons.nl>
> > wrote:
> >
> > > Isn't this problem serious enough to release 1.3.4?
> > >
> > > Regards,
> > > Erik.
> > >
> > >
> > > Johan Compagner wrote:
> > > > the only thing we found was the finalize block that could be skipped
> > > because
> > > > of an exception again in that block
> > > >
> > > > That is fixed in current 1.3.x branch (and 1.4)
> > > >
> > > >
> > >
> > > --
> > > Erik van Oosten
> > > http://day-to-day-stuff.blogspot.com/
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > > For additional commands, e-mail: users-help@wicket.apache.org
> > >
> > >
> >
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by lars vonk <la...@gmail.com>.
Hi Johan,
This exception occurs if you obtained the servletresponse via the
ServletResponse.getOutputStream() and are *trying *to obtained the writer
via ServletResponse.getWriter() at the same time. According to the javadoc
of ServletRespone you can either use getOutputStream or getWriter to write
the body:
Either this method or {@link #getOutputStream} may be called to write the
> body, not both.
>
Jetty tracks this using an inner flag. This flag is only reset on the
ServletResponse.reset() method, which I believe is called at the end of the
servletrequestcycle.
If I look at Wicket's the WebResponse class I see several
ServletResponse.getWriter *and* ServletResponse.getOutputStream calls. You
can't mix those two when writing the servletresponse.
Maybe this helps with tracking where it goes wrong.
Cheers Lars
PS. The exception would have been IllegalStateException("WRITER') if you
obtained the ServletResponse.getWriter() and are *trying* to obtain the
ServletResponse.getOutputStream at the same time.
On Mon, May 5, 2008 at 4:39 PM, Johan Compagner <jc...@gmail.com>
wrote:
> it was really a pretty rare exception
>
> 285154 [btpool0-9] ERROR org.mortbay.log - /undefined
> java.lang.IllegalStateException: STREAM
> at org.mortbay.jetty.Response.getWriter(Response.java:585)
> at
> org.apache.wicket.protocol.http.WebResponse.write(WebResponse.java:355)
> at org.apache.wicket.protocol.http.BufferedWebResponse.close
> (BufferedWebResponse.java:73)
> at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter
> .java:371)
> at
> org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter
> .java:194)
> at
>
> org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
>
> i have no idea how this exception can happen.
> It seems that there is already streamed something but then close does find
> also some stuff and wants to write it..
>
> That did result in an exception on close() so the unset wasnt called.
>
> johan
>
>
>
> On Mon, May 5, 2008 at 3:34 PM, Erik van Oosten <e....@grons.nl>
> wrote:
>
> > Isn't this problem serious enough to release 1.3.4?
> >
> > Regards,
> > Erik.
> >
> >
> > Johan Compagner wrote:
> > > the only thing we found was the finalize block that could be skipped
> > because
> > > of an exception again in that block
> > >
> > > That is fixed in current 1.3.x branch (and 1.4)
> > >
> > >
> >
> > --
> > Erik van Oosten
> > http://day-to-day-stuff.blogspot.com/
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Martijn Dashorst <ma...@gmail.com>.
On 5/5/08, Erik van Oosten <e....@grons.nl> wrote:
> Isn't this problem serious enough to release 1.3.4?
The core developers have not found any problems with 1.3.1, 1.3.2,
1.3.3 on their production boxes. There is no evidence this solves the
problem, so IMO there is no need to release 1.3.4 immediately.
Martijn
--
Buy Wicket in Action: http://manning.com/dashorst
Apache Wicket 1.3.3 is released
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.3.3
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Johan Compagner <jc...@gmail.com>.
it was really a pretty rare exception
285154 [btpool0-9] ERROR org.mortbay.log - /undefined
java.lang.IllegalStateException: STREAM
at org.mortbay.jetty.Response.getWriter(Response.java:585)
at
org.apache.wicket.protocol.http.WebResponse.write(WebResponse.java:355)
at org.apache.wicket.protocol.http.BufferedWebResponse.close
(BufferedWebResponse.java:73)
at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter
.java:371)
at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter
.java:194)
at
org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084)
i have no idea how this exception can happen.
It seems that there is already streamed something but then close does find
also some stuff and wants to write it..
That did result in an exception on close() so the unset wasnt called.
johan
On Mon, May 5, 2008 at 3:34 PM, Erik van Oosten <e....@grons.nl>
wrote:
> Isn't this problem serious enough to release 1.3.4?
>
> Regards,
> Erik.
>
>
> Johan Compagner wrote:
> > the only thing we found was the finalize block that could be skipped
> because
> > of an exception again in that block
> >
> > That is fixed in current 1.3.x branch (and 1.4)
> >
> >
>
> --
> Erik van Oosten
> http://day-to-day-stuff.blogspot.com/
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Erik van Oosten <e....@grons.nl>.
Isn't this problem serious enough to release 1.3.4?
Regards,
Erik.
Johan Compagner wrote:
> the only thing we found was the finalize block that could be skipped because
> of an exception again in that block
>
> That is fixed in current 1.3.x branch (and 1.4)
>
>
--
Erik van Oosten
http://day-to-day-stuff.blogspot.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Johan Compagner <jc...@gmail.com>.
we (matej) tested there solution locally but couldnt reproduce it at all
johan
On Mon, May 5, 2008 at 1:58 PM, lars vonk <la...@gmail.com> wrote:
> But did it fix Edvin Syse his problem? The last thing he reported was that
> his problem still persists.
>
> I see this problem 10-20 times every day still..
> >
> > -- Edvin
> >
>
>
> Lars
>
> On Mon, May 5, 2008 at 1:41 PM, Johan Compagner <jc...@gmail.com>
> wrote:
>
> > the only thing we found was the finalize block that could be skipped
> > because
> > of an exception again in that block
> >
> > That is fixed in current 1.3.x branch (and 1.4)
> >
> > On Mon, May 5, 2008 at 12:32 PM, Leena <le...@yahoo.com> wrote:
> >
> > >
> > >
> > > What was the resolution? I am facing the same problem in my
> > > application...using wicket 1.3.1.
> > > Is it a problem in Wicket? If so, is there any workaround?
> > >
> > > +Leena
> > >
> > >
> > > Edvin Syse wrote:
> > > >
> > > > The problem is still there and now it is getting serious for my
> > > business.
> > > > Would any of the core committers be willing to look at my
> > > > application? I'll pay USD 2500 as a onetime fee for looking at
> this..
> > > (Or
> > > > name your hour-price)
> > > >
> > > > -- Edvin
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > > > For additional commands, e-mail: users-help@wicket.apache.org
> > > >
> > > >
> > > >
> > >
> > > --
> > > View this message in context:
> > >
> >
> http://www.nabble.com/Invoulentary-session-sharing-leakage-in-Wicket-1.3.x-tp16550360p17057591.html
> > > Sent from the Wicket - User mailing list archive at Nabble.com.
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > > For additional commands, e-mail: users-help@wicket.apache.org
> > >
> > >
> >
>
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by lars vonk <la...@gmail.com>.
But did it fix Edvin Syse his problem? The last thing he reported was that
his problem still persists.
I see this problem 10-20 times every day still..
>
> -- Edvin
>
Lars
On Mon, May 5, 2008 at 1:41 PM, Johan Compagner <jc...@gmail.com>
wrote:
> the only thing we found was the finalize block that could be skipped
> because
> of an exception again in that block
>
> That is fixed in current 1.3.x branch (and 1.4)
>
> On Mon, May 5, 2008 at 12:32 PM, Leena <le...@yahoo.com> wrote:
>
> >
> >
> > What was the resolution? I am facing the same problem in my
> > application...using wicket 1.3.1.
> > Is it a problem in Wicket? If so, is there any workaround?
> >
> > +Leena
> >
> >
> > Edvin Syse wrote:
> > >
> > > The problem is still there and now it is getting serious for my
> > business.
> > > Would any of the core committers be willing to look at my
> > > application? I'll pay USD 2500 as a onetime fee for looking at this..
> > (Or
> > > name your hour-price)
> > >
> > > -- Edvin
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > > For additional commands, e-mail: users-help@wicket.apache.org
> > >
> > >
> > >
> >
> > --
> > View this message in context:
> >
> http://www.nabble.com/Invoulentary-session-sharing-leakage-in-Wicket-1.3.x-tp16550360p17057591.html
> > Sent from the Wicket - User mailing list archive at Nabble.com.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
>
Re: Invoulentary session sharing/leakage in Wicket 1.3.x
Posted by Johan Compagner <jc...@gmail.com>.
the only thing we found was the finalize block that could be skipped because
of an exception again in that block
That is fixed in current 1.3.x branch (and 1.4)
On Mon, May 5, 2008 at 12:32 PM, Leena <le...@yahoo.com> wrote:
>
>
> What was the resolution? I am facing the same problem in my
> application...using wicket 1.3.1.
> Is it a problem in Wicket? If so, is there any workaround?
>
> +Leena
>
>
> Edvin Syse wrote:
> >
> > The problem is still there and now it is getting serious for my
> business.
> > Would any of the core committers be willing to look at my
> > application? I'll pay USD 2500 as a onetime fee for looking at this..
> (Or
> > name your hour-price)
> >
> > -- Edvin
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Invoulentary-session-sharing-leakage-in-Wicket-1.3.x-tp16550360p17057591.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>