You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Soumya <so...@yahoo.co.in> on 2010/01/08 12:17:34 UTC
Wicket session not threadsafe?
Hi all,
I am fairly a newbie in wicket and would appreciate your help!
I
have a wicket application which are used on Live by more than 500
users. Now the problem which has arisen is - say User A logs on - he is
able to view details of User B. It has happened for different users and
I am trying to dig the real reason.
Here is my code details -
1) I use Hibernate to fetch 'Account' objects from backend passing on the username/password.
2) I use
MyAppSession extends WebSession
{
private Account account;
public InboundSession(Request request)
{
super(request);
}
public void setAccount(Account account)
{
this.account = account;
}
public Account getAccount()
{
return account;
}
public boolean isUserLoggedIn()
{
return account !=null;
}
}
So
effectively I check if the Account object in session is null or not and
accordingly decide whether a user is logged in or not.
2) In Login class I pass on the username/password to HibernateAccountDao and fetch the Account object.
Account account = accountDao.getAccount(username, password)
MyAppSession session = (MyAppSession )getSession();
session.setAccount(account);
setResponsePage(Home.class);
So effectively I fetch the accout object using hibernate and store it in wicket session.
But I am not sure how these account objects are getting mixed up between users.
Please can someone lead me to the route cause of the issue?
Thanks in advance!
SSP
The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/
Re: Wicket session not threadsafe?
Posted by Pedro Santos <pe...@gmail.com>.
Look for static variables on your code too, they may be erroneous sharing
values between session.
On Fri, Jan 8, 2010 at 10:00 AM, Pedro Santos <pe...@gmail.com> wrote:
> If your servlet container bind an different session for your users
> requests, you get the problem described too. Only one property of your
> session has user B values for user A requests? Or the entire session are
> different?
>
>
> On Fri, Jan 8, 2010 at 9:52 AM, Pieter Degraeuwe <
> pieter.degraeuwe@systemworks.be> wrote:
>
>> That's very odd... As I understood, methods on the Session can be called
>> by
>> several threads. So, Session methods must be thread safe.
>>
>> Maybe something is wrong with your dao. (Since that wone will be called by
>> multiple threads a the same time...)
>>
>> Pieter
>>
>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in> wrote:
>>
>> > Hi all,
>> > I am fairly a newbie in wicket and would appreciate your help!
>> >
>> > I
>> > have a wicket application which are used on Live by more than 500
>> > users. Now the problem which has arisen is - say User A logs on - he is
>> > able to view details of User B. It has happened for different users and
>> > I am trying to dig the real reason.
>> >
>> > Here is my code details -
>> > 1) I use Hibernate to fetch 'Account' objects from backend passing on
>> the
>> > username/password.
>> >
>> > 2) I use
>> > MyAppSession extends WebSession
>> > {
>> > private Account account;
>> >
>> > public InboundSession(Request request)
>> > {
>> > super(request);
>> > }
>> >
>> > public void setAccount(Account account)
>> > {
>> > this.account = account;
>> > }
>> >
>> >
>> > public Account getAccount()
>> > {
>> > return account;
>> > }
>> >
>> > public boolean isUserLoggedIn()
>> > {
>> > return account !=null;
>> > }
>> >
>> > }
>> >
>> > So
>> > effectively I check if the Account object in session is null or not and
>> > accordingly decide whether a user is logged in or not.
>> >
>> > 2) In Login class I pass on the username/password to HibernateAccountDao
>> > and fetch the Account object.
>> > Account account = accountDao.getAccount(username, password)
>> > MyAppSession session = (MyAppSession )getSession();
>> > session.setAccount(account);
>> > setResponsePage(Home.class);
>> >
>> > So effectively I fetch the accout object using hibernate and store it in
>> > wicket session.
>> > But I am not sure how these account objects are getting mixed up between
>> > users.
>> >
>> > Please can someone lead me to the route cause of the issue?
>> >
>> >
>> > Thanks in advance!
>> > SSP
>> >
>> >
>> > The INTERNET now has a personality. YOURS! See your Yahoo!
>> Homepage.
>> > http://in.yahoo.com/
>>
>>
>>
>>
>> --
>> Pieter Degraeuwe
>> Systemworks bvba
>> Belgiëlaan 61
>> 9070 Destelbergen
>> GSM: +32 (0)485/68.60.85
>> Email: pieter.degraeuwe@systemworks.be
>> visit us at http://www.systemworks.be
>>
>
>
>
> --
> Pedro Henrique Oliveira dos Santos
>
--
Pedro Henrique Oliveira dos Santos
Re: Wicket session not threadsafe?
Posted by Pedro Santos <pe...@gmail.com>.
If your servlet container bind an different session for your users requests,
you get the problem described too. Only one property of your session has
user B values for user A requests? Or the entire session are different?
On Fri, Jan 8, 2010 at 9:52 AM, Pieter Degraeuwe <
pieter.degraeuwe@systemworks.be> wrote:
> That's very odd... As I understood, methods on the Session can be called by
> several threads. So, Session methods must be thread safe.
>
> Maybe something is wrong with your dao. (Since that wone will be called by
> multiple threads a the same time...)
>
> Pieter
>
> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in> wrote:
>
> > Hi all,
> > I am fairly a newbie in wicket and would appreciate your help!
> >
> > I
> > have a wicket application which are used on Live by more than 500
> > users. Now the problem which has arisen is - say User A logs on - he is
> > able to view details of User B. It has happened for different users and
> > I am trying to dig the real reason.
> >
> > Here is my code details -
> > 1) I use Hibernate to fetch 'Account' objects from backend passing on the
> > username/password.
> >
> > 2) I use
> > MyAppSession extends WebSession
> > {
> > private Account account;
> >
> > public InboundSession(Request request)
> > {
> > super(request);
> > }
> >
> > public void setAccount(Account account)
> > {
> > this.account = account;
> > }
> >
> >
> > public Account getAccount()
> > {
> > return account;
> > }
> >
> > public boolean isUserLoggedIn()
> > {
> > return account !=null;
> > }
> >
> > }
> >
> > So
> > effectively I check if the Account object in session is null or not and
> > accordingly decide whether a user is logged in or not.
> >
> > 2) In Login class I pass on the username/password to HibernateAccountDao
> > and fetch the Account object.
> > Account account = accountDao.getAccount(username, password)
> > MyAppSession session = (MyAppSession )getSession();
> > session.setAccount(account);
> > setResponsePage(Home.class);
> >
> > So effectively I fetch the accout object using hibernate and store it in
> > wicket session.
> > But I am not sure how these account objects are getting mixed up between
> > users.
> >
> > Please can someone lead me to the route cause of the issue?
> >
> >
> > Thanks in advance!
> > SSP
> >
> >
> > The INTERNET now has a personality. YOURS! See your Yahoo! Homepage.
> > http://in.yahoo.com/
>
>
>
>
> --
> Pieter Degraeuwe
> Systemworks bvba
> Belgiëlaan 61
> 9070 Destelbergen
> GSM: +32 (0)485/68.60.85
> Email: pieter.degraeuwe@systemworks.be
> visit us at http://www.systemworks.be
>
--
Pedro Henrique Oliveira dos Santos
Re: Wicket session not threadsafe?
Posted by Pieter Degraeuwe <pi...@systemworks.be>.
That's very odd... As I understood, methods on the Session can be called by
several threads. So, Session methods must be thread safe.
Maybe something is wrong with your dao. (Since that wone will be called by
multiple threads a the same time...)
Pieter
On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in> wrote:
> Hi all,
> I am fairly a newbie in wicket and would appreciate your help!
>
> I
> have a wicket application which are used on Live by more than 500
> users. Now the problem which has arisen is - say User A logs on - he is
> able to view details of User B. It has happened for different users and
> I am trying to dig the real reason.
>
> Here is my code details -
> 1) I use Hibernate to fetch 'Account' objects from backend passing on the
> username/password.
>
> 2) I use
> MyAppSession extends WebSession
> {
> private Account account;
>
> public InboundSession(Request request)
> {
> super(request);
> }
>
> public void setAccount(Account account)
> {
> this.account = account;
> }
>
>
> public Account getAccount()
> {
> return account;
> }
>
> public boolean isUserLoggedIn()
> {
> return account !=null;
> }
>
> }
>
> So
> effectively I check if the Account object in session is null or not and
> accordingly decide whether a user is logged in or not.
>
> 2) In Login class I pass on the username/password to HibernateAccountDao
> and fetch the Account object.
> Account account = accountDao.getAccount(username, password)
> MyAppSession session = (MyAppSession )getSession();
> session.setAccount(account);
> setResponsePage(Home.class);
>
> So effectively I fetch the accout object using hibernate and store it in
> wicket session.
> But I am not sure how these account objects are getting mixed up between
> users.
>
> Please can someone lead me to the route cause of the issue?
>
>
> Thanks in advance!
> SSP
>
>
> The INTERNET now has a personality. YOURS! See your Yahoo! Homepage.
> http://in.yahoo.com/
--
Pieter Degraeuwe
Systemworks bvba
Belgiëlaan 61
9070 Destelbergen
GSM: +32 (0)485/68.60.85
Email: pieter.degraeuwe@systemworks.be
visit us at http://www.systemworks.be
Re: Wicket session not threadsafe?
Posted by Steve Swinsburg <st...@gmail.com>.
Are there any issues reported in the Wicket JIRA [1] that affect the 1.3 series in this way? Can you just upgrade Wicket version to 1.3.7 to see if that resolves your issue? Then you can keep digging.
[1] http://issues.apache.org/jira/browse/WICKET
On 08/01/2010, at 11:40 PM, allgo wrote:
>
> unfortunately it is extremely difficult to reproduce in dev. Have tried it a
> lot. but the issue seems to happen vaer rare in a multi-user env. Thing is
> though ti happens rarely... it is a client facing issue and data integrity
> as promised is challenged.
>
>
> Steve Swinsburg-3 wrote:
>>
>> The first thing to do would be to reproduce the issue in a dev
>> environment, then try upgrading that environment to 1.3.7 and see if that
>> solves the problem. There shouldn't be any API breaks in the 1.3 series so
>> this should be a simple POM dependency version update.
>>
>> It might also be your Hibernate implementation caching and returning the
>> wrong object as well.
>>
>> Steve
>>
>>
>>
>> On 08/01/2010, at 11:21 PM, allgo wrote:
>>
>>>
>>> 1.3.0-beta3 actually. Copied it from the Manifest file
>>>
>>> Martijn Dashorst wrote:
>>>>
>>>> 1.3.0?
>>>>
>>>> Martijn
>>>>
>>>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
>>>>>
>>>>> Hi,
>>>>> The wicket version is 1.3. Sorry should have mentioned that.
>>>>>
>>>>> As such the User A, after he logs on is getting assigned the Account
>>>>> object
>>>>> of User B. And after soem logs we can see that User B had logged on a
>>>>> while
>>>>> before. Hence that Accoutn object was definitely fetched a whiel
>>>>> before.
>>>>> I
>>>>> did see a few threads which say Hibernate may eb a culprit but am not
>>>>> sure
>>>>> thats the case here.
>>>>>
>>>>> Please do let me know if you need any more info.
>>>>> Thanks,
>>>>> SSP
>>>>>
>>>>> Martijn Dashorst wrote:
>>>>>>
>>>>>> A wicket version number would be helpful...
>>>>>>
>>>>>> Martijn
>>>>>>
>>>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in>
>>>>>> wrote:
>>>>>>> Hi all,
>>>>>>> I am fairly a newbie in wicket and would appreciate your help!
>>>>>>>
>>>>>>> I
>>>>>>> have a wicket application which are used on Live by more than 500
>>>>>>> users. Now the problem which has arisen is - say User A logs on - he
>>>>>>> is
>>>>>>> able to view details of User B. It has happened for different users
>>>>>>> and
>>>>>>> I am trying to dig the real reason.
>>>>>>>
>>>>>>> Here is my code details -
>>>>>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on
>>>>>>> the
>>>>>>> username/password.
>>>>>>>
>>>>>>> 2) I use
>>>>>>> MyAppSession extends WebSession
>>>>>>> {
>>>>>>> private Account account;
>>>>>>>
>>>>>>> public InboundSession(Request request)
>>>>>>> {
>>>>>>> super(request);
>>>>>>> }
>>>>>>>
>>>>>>> public void setAccount(Account account)
>>>>>>> {
>>>>>>> this.account = account;
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>> public Account getAccount()
>>>>>>> {
>>>>>>> return account;
>>>>>>> }
>>>>>>>
>>>>>>> public boolean isUserLoggedIn()
>>>>>>> {
>>>>>>> return account !=null;
>>>>>>> }
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>> So
>>>>>>> effectively I check if the Account object in session is null or not
>>>>>>> and
>>>>>>> accordingly decide whether a user is logged in or not.
>>>>>>>
>>>>>>> 2) In Login class I pass on the username/password to
>>>>>>> HibernateAccountDao
>>>>>>> and fetch the Account object.
>>>>>>> Account account = accountDao.getAccount(username, password)
>>>>>>> MyAppSession session = (MyAppSession )getSession();
>>>>>>> session.setAccount(account);
>>>>>>> setResponsePage(Home.class);
>>>>>>>
>>>>>>> So effectively I fetch the accout object using hibernate and store it
>>>>>>> in
>>>>>>> wicket session.
>>>>>>> But I am not sure how these account objects are getting mixed up
>>>>>>> between
>>>>>>> users.
>>>>>>>
>>>>>>> Please can someone lead me to the route cause of the issue?
>>>>>>>
>>>>>>>
>>>>>>> Thanks in advance!
>>>>>>> SSP
>>>>>>>
>>>>>>>
>>>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
>>>>>>> Homepage.
>>>>>>> http://in.yahoo.com/
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>> Apache Wicket 1.4 increases type safety for web applications
>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>
>>
>>
>>
>
> --
> View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075321.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
Re: Wicket session not threadsafe?
Posted by allgo <so...@yahoo.co.in>.
unfortunately it is extremely difficult to reproduce in dev. Have tried it a
lot. but the issue seems to happen vaer rare in a multi-user env. Thing is
though ti happens rarely... it is a client facing issue and data integrity
as promised is challenged.
Steve Swinsburg-3 wrote:
>
> The first thing to do would be to reproduce the issue in a dev
> environment, then try upgrading that environment to 1.3.7 and see if that
> solves the problem. There shouldn't be any API breaks in the 1.3 series so
> this should be a simple POM dependency version update.
>
> It might also be your Hibernate implementation caching and returning the
> wrong object as well.
>
> Steve
>
>
>
> On 08/01/2010, at 11:21 PM, allgo wrote:
>
>>
>> 1.3.0-beta3 actually. Copied it from the Manifest file
>>
>> Martijn Dashorst wrote:
>>>
>>> 1.3.0?
>>>
>>> Martijn
>>>
>>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
>>>>
>>>> Hi,
>>>> The wicket version is 1.3. Sorry should have mentioned that.
>>>>
>>>> As such the User A, after he logs on is getting assigned the Account
>>>> object
>>>> of User B. And after soem logs we can see that User B had logged on a
>>>> while
>>>> before. Hence that Accoutn object was definitely fetched a whiel
>>>> before.
>>>> I
>>>> did see a few threads which say Hibernate may eb a culprit but am not
>>>> sure
>>>> thats the case here.
>>>>
>>>> Please do let me know if you need any more info.
>>>> Thanks,
>>>> SSP
>>>>
>>>> Martijn Dashorst wrote:
>>>>>
>>>>> A wicket version number would be helpful...
>>>>>
>>>>> Martijn
>>>>>
>>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in>
>>>>> wrote:
>>>>>> Hi all,
>>>>>> I am fairly a newbie in wicket and would appreciate your help!
>>>>>>
>>>>>> I
>>>>>> have a wicket application which are used on Live by more than 500
>>>>>> users. Now the problem which has arisen is - say User A logs on - he
>>>>>> is
>>>>>> able to view details of User B. It has happened for different users
>>>>>> and
>>>>>> I am trying to dig the real reason.
>>>>>>
>>>>>> Here is my code details -
>>>>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on
>>>>>> the
>>>>>> username/password.
>>>>>>
>>>>>> 2) I use
>>>>>> MyAppSession extends WebSession
>>>>>> {
>>>>>> private Account account;
>>>>>>
>>>>>> public InboundSession(Request request)
>>>>>> {
>>>>>> super(request);
>>>>>> }
>>>>>>
>>>>>> public void setAccount(Account account)
>>>>>> {
>>>>>> this.account = account;
>>>>>> }
>>>>>>
>>>>>>
>>>>>> public Account getAccount()
>>>>>> {
>>>>>> return account;
>>>>>> }
>>>>>>
>>>>>> public boolean isUserLoggedIn()
>>>>>> {
>>>>>> return account !=null;
>>>>>> }
>>>>>>
>>>>>> }
>>>>>>
>>>>>> So
>>>>>> effectively I check if the Account object in session is null or not
>>>>>> and
>>>>>> accordingly decide whether a user is logged in or not.
>>>>>>
>>>>>> 2) In Login class I pass on the username/password to
>>>>>> HibernateAccountDao
>>>>>> and fetch the Account object.
>>>>>> Account account = accountDao.getAccount(username, password)
>>>>>> MyAppSession session = (MyAppSession )getSession();
>>>>>> session.setAccount(account);
>>>>>> setResponsePage(Home.class);
>>>>>>
>>>>>> So effectively I fetch the accout object using hibernate and store it
>>>>>> in
>>>>>> wicket session.
>>>>>> But I am not sure how these account objects are getting mixed up
>>>>>> between
>>>>>> users.
>>>>>>
>>>>>> Please can someone lead me to the route cause of the issue?
>>>>>>
>>>>>>
>>>>>> Thanks in advance!
>>>>>> SSP
>>>>>>
>>>>>>
>>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
>>>>>> Homepage.
>>>>>> http://in.yahoo.com/
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>> Apache Wicket 1.4 increases type safety for web applications
>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>
>
>
>
--
View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075321.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by Steve Swinsburg <st...@gmail.com>.
The first thing to do would be to reproduce the issue in a dev environment, then try upgrading that environment to 1.3.7 and see if that solves the problem. There shouldn't be any API breaks in the 1.3 series so this should be a simple POM dependency version update.
It might also be your Hibernate implementation caching and returning the wrong object as well.
Steve
On 08/01/2010, at 11:21 PM, allgo wrote:
>
> 1.3.0-beta3 actually. Copied it from the Manifest file
>
> Martijn Dashorst wrote:
>>
>> 1.3.0?
>>
>> Martijn
>>
>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
>>>
>>> Hi,
>>> The wicket version is 1.3. Sorry should have mentioned that.
>>>
>>> As such the User A, after he logs on is getting assigned the Account
>>> object
>>> of User B. And after soem logs we can see that User B had logged on a
>>> while
>>> before. Hence that Accoutn object was definitely fetched a whiel before.
>>> I
>>> did see a few threads which say Hibernate may eb a culprit but am not
>>> sure
>>> thats the case here.
>>>
>>> Please do let me know if you need any more info.
>>> Thanks,
>>> SSP
>>>
>>> Martijn Dashorst wrote:
>>>>
>>>> A wicket version number would be helpful...
>>>>
>>>> Martijn
>>>>
>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in> wrote:
>>>>> Hi all,
>>>>> I am fairly a newbie in wicket and would appreciate your help!
>>>>>
>>>>> I
>>>>> have a wicket application which are used on Live by more than 500
>>>>> users. Now the problem which has arisen is - say User A logs on - he is
>>>>> able to view details of User B. It has happened for different users and
>>>>> I am trying to dig the real reason.
>>>>>
>>>>> Here is my code details -
>>>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on
>>>>> the
>>>>> username/password.
>>>>>
>>>>> 2) I use
>>>>> MyAppSession extends WebSession
>>>>> {
>>>>> private Account account;
>>>>>
>>>>> public InboundSession(Request request)
>>>>> {
>>>>> super(request);
>>>>> }
>>>>>
>>>>> public void setAccount(Account account)
>>>>> {
>>>>> this.account = account;
>>>>> }
>>>>>
>>>>>
>>>>> public Account getAccount()
>>>>> {
>>>>> return account;
>>>>> }
>>>>>
>>>>> public boolean isUserLoggedIn()
>>>>> {
>>>>> return account !=null;
>>>>> }
>>>>>
>>>>> }
>>>>>
>>>>> So
>>>>> effectively I check if the Account object in session is null or not and
>>>>> accordingly decide whether a user is logged in or not.
>>>>>
>>>>> 2) In Login class I pass on the username/password to
>>>>> HibernateAccountDao
>>>>> and fetch the Account object.
>>>>> Account account = accountDao.getAccount(username, password)
>>>>> MyAppSession session = (MyAppSession )getSession();
>>>>> session.setAccount(account);
>>>>> setResponsePage(Home.class);
>>>>>
>>>>> So effectively I fetch the accout object using hibernate and store it
>>>>> in
>>>>> wicket session.
>>>>> But I am not sure how these account objects are getting mixed up
>>>>> between
>>>>> users.
>>>>>
>>>>> Please can someone lead me to the route cause of the issue?
>>>>>
>>>>>
>>>>> Thanks in advance!
>>>>> SSP
>>>>>
>>>>>
>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
>>>>> Homepage.
>>>>> http://in.yahoo.com/
>>>>
>>>>
>>>>
>>>> --
>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>> Apache Wicket 1.4 increases type safety for web applications
>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>>
>>
>> --
>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>> Apache Wicket 1.4 increases type safety for web applications
>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> --
> View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
Re: Wicket session not threadsafe?
Posted by sholden <sh...@gammatelecom.com>.
Allgo's manager here. Consider me convinced.
This is a very serious issue for us and your help has been invaluable.
I would also like to offer my sincere gratitude.
--
View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27077743.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by Stijn Maller <st...@gmail.com>.
Why not upgrade to 1.3.7? AFAIK there shouldn't be any differences in API or
functionality between 1.3.4 and 1.3.7, so you might as well benefit from the
other bugfixes as well. It's only if you should decide to upgrade to the 1.4
releases, that you will have to do some coding. (And even that should be
rather limited)
2010/1/8 allgo <so...@yahoo.co.in>
>
> Thanks a Ton Martijn and Berin!
> I will soon try an upgrade to 1.3.4 and try it out.
> Once again my sincere thanks to you all for your speedy help!
>
> Martijn Dashorst wrote:
> >
> > the fix was a by-product of this issue:
> >
> > https://issues.apache.org/jira/browse/WICKET-1409
> >
> > So yes, upgrading to 1.3.4 or newer will fix your issue. Go convince
> > your management and tell them that it helps to keep up-to-date with
> > open source products because we tend to fix things (at no cost for
> > that matter!)
> >
> > Martijn
> >
> > On Fri, Jan 8, 2010 at 3:17 PM, Martijn Dashorst
> > <ma...@gmail.com> wrote:
> >> 1.3.4 fixed this issue....
> >>
> >> From the release notes [1]:
> >>
> >> * cross session leakage due to a dangling thread local in exceptional
> >> circumstances
> >> * memory leak in localizer (WICKET-1667)
> >>
> >> Martijn
> >>
> >> [1]
> http://wicket.apache.org/news.html#News-ApacheWicket1.3.4released%21
> >>
> >> On Fri, Jan 8, 2010 at 2:56 PM, Martijn Dashorst
> >> <ma...@gmail.com> wrote:
> >>> There has been a session leak somewhere in 1.3 iirc. This has to do
> >>> with the thread locals that store Session, RequestCycle and
> >>> Application during a request not being removed correctly.
> >>>
> >>> Martijn
> >>>
> >>> On Fri, Jan 8, 2010 at 2:38 PM, allgo <so...@yahoo.co.in> wrote:
> >>>>
> >>>> ok will do.
> >>>> But just a question to the experts - have you heard of this issue
> >>>> before?
> >>>> I went through the links below
> >>>>
> http://old.nabble.com/Storing-user-entity-in-session--tt22113666.html#a22113666
> >>>>
> http://old.nabble.com/Wicket-Session-and-threading-tt14595666.html#a14599963
> >>>>
> >>>>
> >>>> and apparently storing hibernate session object in wicket session was
> >>>> causing similar issues.
> >>>> Am doing the same and could this be one possible reason.
> >>>>
> >>>> I will try an upgrade, but unfortunately as I told I had tried for
> long
> >>>> to
> >>>> replicate this is dev but in vain. Only way could be to release in
> Live
> >>>> and
> >>>> test. But that would need quite a bit of convincing of my superiors
> >>>> (which
> >>>> is a bit tricky for a junior developer like me - the application had
> >>>> been
> >>>> coded and released 2 yrs back and no upgrade doen since those
> >>>> developers
> >>>> left !! :-) ). But worth a shot.
> >>>>
> >>>> If it is a hibernate issue I can store the account Id instead of teh
> >>>> Account
> >>>> object itself in wicket session and do a minor release.
> >>>>
> >>>> I will try an upgrade for 1.3.7 in the mean time in dev and see if I
> >>>> need
> >>>> any code / API changes.
> >>>>
> >>>> Regards,
> >>>> Soumya
> >>>>
> >>>>
> >>>>
> >>>> Martijn Dashorst wrote:
> >>>>>
> >>>>> Seriously... *BETA*? upgrade and then come back if things are still
> >>>>> wrong.
> >>>>>
> >>>>> Martijn
> >>>>>
> >>>>> On Fri, Jan 8, 2010 at 1:21 PM, allgo <so...@yahoo.co.in>
> wrote:
> >>>>>>
> >>>>>> 1.3.0-beta3 actually. Copied it from the Manifest file
> >>>>>>
> >>>>>> Martijn Dashorst wrote:
> >>>>>>>
> >>>>>>> 1.3.0?
> >>>>>>>
> >>>>>>> Martijn
> >>>>>>>
> >>>>>>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in>
> >>>>>>> wrote:
> >>>>>>>>
> >>>>>>>> Hi,
> >>>>>>>> The wicket version is 1.3. Sorry should have mentioned that.
> >>>>>>>>
> >>>>>>>> As such the User A, after he logs on is getting assigned the
> >>>>>>>> Account
> >>>>>>>> object
> >>>>>>>> of User B. And after soem logs we can see that User B had logged
> on
> >>>>>>>> a
> >>>>>>>> while
> >>>>>>>> before. Hence that Accoutn object was definitely fetched a whiel
> >>>>>>>> before.
> >>>>>>>> I
> >>>>>>>> did see a few threads which say Hibernate may eb a culprit but am
> >>>>>>>> not
> >>>>>>>> sure
> >>>>>>>> thats the case here.
> >>>>>>>>
> >>>>>>>> Please do let me know if you need any more info.
> >>>>>>>> Thanks,
> >>>>>>>> SSP
> >>>>>>>>
> >>>>>>>> Martijn Dashorst wrote:
> >>>>>>>>>
> >>>>>>>>> A wicket version number would be helpful...
> >>>>>>>>>
> >>>>>>>>> Martijn
> >>>>>>>>>
> >>>>>>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in>
> >>>>>>>>> wrote:
> >>>>>>>>>> Hi all,
> >>>>>>>>>> I am fairly a newbie in wicket and would appreciate your help!
> >>>>>>>>>>
> >>>>>>>>>> I
> >>>>>>>>>> have a wicket application which are used on Live by more than
> 500
> >>>>>>>>>> users. Now the problem which has arisen is - say User A logs on
> -
> >>>>>>>>>> he
> >>>>>>>>>> is
> >>>>>>>>>> able to view details of User B. It has happened for different
> >>>>>>>>>> users
> >>>>>>>>>> and
> >>>>>>>>>> I am trying to dig the real reason.
> >>>>>>>>>>
> >>>>>>>>>> Here is my code details -
> >>>>>>>>>> 1) I use Hibernate to fetch 'Account' objects from backend
> >>>>>>>>>> passing on
> >>>>>>>>>> the
> >>>>>>>>>> username/password.
> >>>>>>>>>>
> >>>>>>>>>> 2) I use
> >>>>>>>>>> MyAppSession extends WebSession
> >>>>>>>>>> {
> >>>>>>>>>> private Account account;
> >>>>>>>>>>
> >>>>>>>>>> public InboundSession(Request request)
> >>>>>>>>>> {
> >>>>>>>>>> super(request);
> >>>>>>>>>> }
> >>>>>>>>>>
> >>>>>>>>>> public void setAccount(Account account)
> >>>>>>>>>> {
> >>>>>>>>>> this.account = account;
> >>>>>>>>>> }
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> public Account getAccount()
> >>>>>>>>>> {
> >>>>>>>>>> return account;
> >>>>>>>>>> }
> >>>>>>>>>>
> >>>>>>>>>> public boolean isUserLoggedIn()
> >>>>>>>>>> {
> >>>>>>>>>> return account !=null;
> >>>>>>>>>> }
> >>>>>>>>>>
> >>>>>>>>>> }
> >>>>>>>>>>
> >>>>>>>>>> So
> >>>>>>>>>> effectively I check if the Account object in session is null or
> >>>>>>>>>> not
> >>>>>>>>>> and
> >>>>>>>>>> accordingly decide whether a user is logged in or not.
> >>>>>>>>>>
> >>>>>>>>>> 2) In Login class I pass on the username/password to
> >>>>>>>>>> HibernateAccountDao
> >>>>>>>>>> and fetch the Account object.
> >>>>>>>>>> Account account = accountDao.getAccount(username, password)
> >>>>>>>>>> MyAppSession session = (MyAppSession )getSession();
> >>>>>>>>>> session.setAccount(account);
> >>>>>>>>>> setResponsePage(Home.class);
> >>>>>>>>>>
> >>>>>>>>>> So effectively I fetch the accout object using hibernate and
> >>>>>>>>>> store it
> >>>>>>>>>> in
> >>>>>>>>>> wicket session.
> >>>>>>>>>> But I am not sure how these account objects are getting mixed up
> >>>>>>>>>> between
> >>>>>>>>>> users.
> >>>>>>>>>>
> >>>>>>>>>> Please can someone lead me to the route cause of the issue?
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Thanks in advance!
> >>>>>>>>>> SSP
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
> >>>>>>>>>> Homepage.
> >>>>>>>>>> http://in.yahoo.com/
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>> Become a Wicket expert, learn from the best:
> >>>>>>>>> http://wicketinaction.com
> >>>>>>>>> Apache Wicket 1.4 increases type safety for web applications
> >>>>>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >>>>>>>>>
> >>>>>>>>>
> ---------------------------------------------------------------------
> >>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> View this message in context:
> >>>>>>>>
> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
> >>>>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> ---------------------------------------------------------------------
> >>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> Become a Wicket expert, learn from the best:
> >>>>>>> http://wicketinaction.com
> >>>>>>> Apache Wicket 1.4 increases type safety for web applications
> >>>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >>>>>>>
> >>>>>>>
> ---------------------------------------------------------------------
> >>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> View this message in context:
> >>>>>>
> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
> >>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
> >>>>>>
> >>>>>>
> >>>>>>
> ---------------------------------------------------------------------
> >>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Become a Wicket expert, learn from the best:
> http://wicketinaction.com
> >>>>> Apache Wicket 1.4 increases type safety for web applications
> >>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >>>>>
> >>>>> ---------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>> --
> >>>> View this message in context:
> >>>>
> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27076056.html
> >>>> Sent from the Wicket - User mailing list archive at Nabble.com.
> >>>>
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>
> >>>>
> >>>
> >>>
> >>>
> >>> --
> >>> Become a Wicket expert, learn from the best: http://wicketinaction.com
> >>> Apache Wicket 1.4 increases type safety for web applications
> >>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >>>
> >>
> >>
> >>
> >> --
> >> Become a Wicket expert, learn from the best: http://wicketinaction.com
> >> Apache Wicket 1.4 increases type safety for web applications
> >> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >>
> >
> >
> >
> > --
> > Become a Wicket expert, learn from the best: http://wicketinaction.com
> > Apache Wicket 1.4 increases type safety for web applications
> > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> > For additional commands, e-mail: users-help@wicket.apache.org
> >
> >
> >
>
> --
> View this message in context:
> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27077378.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: Wicket session not threadsafe?
Posted by allgo <so...@yahoo.co.in>.
Thanks a Ton Martijn and Berin!
I will soon try an upgrade to 1.3.4 and try it out.
Once again my sincere thanks to you all for your speedy help!
Martijn Dashorst wrote:
>
> the fix was a by-product of this issue:
>
> https://issues.apache.org/jira/browse/WICKET-1409
>
> So yes, upgrading to 1.3.4 or newer will fix your issue. Go convince
> your management and tell them that it helps to keep up-to-date with
> open source products because we tend to fix things (at no cost for
> that matter!)
>
> Martijn
>
> On Fri, Jan 8, 2010 at 3:17 PM, Martijn Dashorst
> <ma...@gmail.com> wrote:
>> 1.3.4 fixed this issue....
>>
>> From the release notes [1]:
>>
>> * cross session leakage due to a dangling thread local in exceptional
>> circumstances
>> * memory leak in localizer (WICKET-1667)
>>
>> Martijn
>>
>> [1] http://wicket.apache.org/news.html#News-ApacheWicket1.3.4released%21
>>
>> On Fri, Jan 8, 2010 at 2:56 PM, Martijn Dashorst
>> <ma...@gmail.com> wrote:
>>> There has been a session leak somewhere in 1.3 iirc. This has to do
>>> with the thread locals that store Session, RequestCycle and
>>> Application during a request not being removed correctly.
>>>
>>> Martijn
>>>
>>> On Fri, Jan 8, 2010 at 2:38 PM, allgo <so...@yahoo.co.in> wrote:
>>>>
>>>> ok will do.
>>>> But just a question to the experts - have you heard of this issue
>>>> before?
>>>> I went through the links below
>>>> http://old.nabble.com/Storing-user-entity-in-session--tt22113666.html#a22113666
>>>> http://old.nabble.com/Wicket-Session-and-threading-tt14595666.html#a14599963
>>>>
>>>>
>>>> and apparently storing hibernate session object in wicket session was
>>>> causing similar issues.
>>>> Am doing the same and could this be one possible reason.
>>>>
>>>> I will try an upgrade, but unfortunately as I told I had tried for long
>>>> to
>>>> replicate this is dev but in vain. Only way could be to release in Live
>>>> and
>>>> test. But that would need quite a bit of convincing of my superiors
>>>> (which
>>>> is a bit tricky for a junior developer like me - the application had
>>>> been
>>>> coded and released 2 yrs back and no upgrade doen since those
>>>> developers
>>>> left !! :-) ). But worth a shot.
>>>>
>>>> If it is a hibernate issue I can store the account Id instead of teh
>>>> Account
>>>> object itself in wicket session and do a minor release.
>>>>
>>>> I will try an upgrade for 1.3.7 in the mean time in dev and see if I
>>>> need
>>>> any code / API changes.
>>>>
>>>> Regards,
>>>> Soumya
>>>>
>>>>
>>>>
>>>> Martijn Dashorst wrote:
>>>>>
>>>>> Seriously... *BETA*? upgrade and then come back if things are still
>>>>> wrong.
>>>>>
>>>>> Martijn
>>>>>
>>>>> On Fri, Jan 8, 2010 at 1:21 PM, allgo <so...@yahoo.co.in> wrote:
>>>>>>
>>>>>> 1.3.0-beta3 actually. Copied it from the Manifest file
>>>>>>
>>>>>> Martijn Dashorst wrote:
>>>>>>>
>>>>>>> 1.3.0?
>>>>>>>
>>>>>>> Martijn
>>>>>>>
>>>>>>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in>
>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>> The wicket version is 1.3. Sorry should have mentioned that.
>>>>>>>>
>>>>>>>> As such the User A, after he logs on is getting assigned the
>>>>>>>> Account
>>>>>>>> object
>>>>>>>> of User B. And after soem logs we can see that User B had logged on
>>>>>>>> a
>>>>>>>> while
>>>>>>>> before. Hence that Accoutn object was definitely fetched a whiel
>>>>>>>> before.
>>>>>>>> I
>>>>>>>> did see a few threads which say Hibernate may eb a culprit but am
>>>>>>>> not
>>>>>>>> sure
>>>>>>>> thats the case here.
>>>>>>>>
>>>>>>>> Please do let me know if you need any more info.
>>>>>>>> Thanks,
>>>>>>>> SSP
>>>>>>>>
>>>>>>>> Martijn Dashorst wrote:
>>>>>>>>>
>>>>>>>>> A wicket version number would be helpful...
>>>>>>>>>
>>>>>>>>> Martijn
>>>>>>>>>
>>>>>>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in>
>>>>>>>>> wrote:
>>>>>>>>>> Hi all,
>>>>>>>>>> I am fairly a newbie in wicket and would appreciate your help!
>>>>>>>>>>
>>>>>>>>>> I
>>>>>>>>>> have a wicket application which are used on Live by more than 500
>>>>>>>>>> users. Now the problem which has arisen is - say User A logs on -
>>>>>>>>>> he
>>>>>>>>>> is
>>>>>>>>>> able to view details of User B. It has happened for different
>>>>>>>>>> users
>>>>>>>>>> and
>>>>>>>>>> I am trying to dig the real reason.
>>>>>>>>>>
>>>>>>>>>> Here is my code details -
>>>>>>>>>> 1) I use Hibernate to fetch 'Account' objects from backend
>>>>>>>>>> passing on
>>>>>>>>>> the
>>>>>>>>>> username/password.
>>>>>>>>>>
>>>>>>>>>> 2) I use
>>>>>>>>>> MyAppSession extends WebSession
>>>>>>>>>> {
>>>>>>>>>> private Account account;
>>>>>>>>>>
>>>>>>>>>> public InboundSession(Request request)
>>>>>>>>>> {
>>>>>>>>>> super(request);
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> public void setAccount(Account account)
>>>>>>>>>> {
>>>>>>>>>> this.account = account;
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> public Account getAccount()
>>>>>>>>>> {
>>>>>>>>>> return account;
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> public boolean isUserLoggedIn()
>>>>>>>>>> {
>>>>>>>>>> return account !=null;
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> }
>>>>>>>>>>
>>>>>>>>>> So
>>>>>>>>>> effectively I check if the Account object in session is null or
>>>>>>>>>> not
>>>>>>>>>> and
>>>>>>>>>> accordingly decide whether a user is logged in or not.
>>>>>>>>>>
>>>>>>>>>> 2) In Login class I pass on the username/password to
>>>>>>>>>> HibernateAccountDao
>>>>>>>>>> and fetch the Account object.
>>>>>>>>>> Account account = accountDao.getAccount(username, password)
>>>>>>>>>> MyAppSession session = (MyAppSession )getSession();
>>>>>>>>>> session.setAccount(account);
>>>>>>>>>> setResponsePage(Home.class);
>>>>>>>>>>
>>>>>>>>>> So effectively I fetch the accout object using hibernate and
>>>>>>>>>> store it
>>>>>>>>>> in
>>>>>>>>>> wicket session.
>>>>>>>>>> But I am not sure how these account objects are getting mixed up
>>>>>>>>>> between
>>>>>>>>>> users.
>>>>>>>>>>
>>>>>>>>>> Please can someone lead me to the route cause of the issue?
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks in advance!
>>>>>>>>>> SSP
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
>>>>>>>>>> Homepage.
>>>>>>>>>> http://in.yahoo.com/
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Become a Wicket expert, learn from the best:
>>>>>>>>> http://wicketinaction.com
>>>>>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> View this message in context:
>>>>>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
>>>>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>>>>>
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Become a Wicket expert, learn from the best:
>>>>>>> http://wicketinaction.com
>>>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
>>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27076056.html
>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>> Apache Wicket 1.4 increases type safety for web applications
>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>
>>
>>
>>
>> --
>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>> Apache Wicket 1.4 increases type safety for web applications
>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
> Apache Wicket 1.4 increases type safety for web applications
> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27077378.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by Martin Grigorov <mc...@e-card.bg>.
On Fri, 2010-01-08 at 15:21 +0100, Martijn Dashorst wrote:
> the fix was a by-product of this issue:
>
> https://issues.apache.org/jira/browse/WICKET-1409
>
> So yes, upgrading to 1.3.4 or newer will fix your issue. Go convince
> your management and tell them that it helps to keep up-to-date with
> open source products because we tend to fix things (at no cost for
> that matter!)
While I agree with you I (and my management) also think that you don't
have to be up-to-date unless you need a fix or a new feature otherwise
you have to do extensive testing or you may encounter a newly introduced
bug(s)
>
> Martijn
>
> On Fri, Jan 8, 2010 at 3:17 PM, Martijn Dashorst
> <ma...@gmail.com> wrote:
> > 1.3.4 fixed this issue....
> >
> > From the release notes [1]:
> >
> > * cross session leakage due to a dangling thread local in exceptional
> > circumstances
> > * memory leak in localizer (WICKET-1667)
> >
> > Martijn
> >
> > [1] http://wicket.apache.org/news.html#News-ApacheWicket1.3.4released%21
> >
> > On Fri, Jan 8, 2010 at 2:56 PM, Martijn Dashorst
> > <ma...@gmail.com> wrote:
> >> There has been a session leak somewhere in 1.3 iirc. This has to do
> >> with the thread locals that store Session, RequestCycle and
> >> Application during a request not being removed correctly.
> >>
> >> Martijn
> >>
> >> On Fri, Jan 8, 2010 at 2:38 PM, allgo <so...@yahoo.co.in> wrote:
> >>>
> >>> ok will do.
> >>> But just a question to the experts - have you heard of this issue before?
> >>> I went through the links below
> >>> http://old.nabble.com/Storing-user-entity-in-session--tt22113666.html#a22113666
> >>> http://old.nabble.com/Wicket-Session-and-threading-tt14595666.html#a14599963
> >>>
> >>>
> >>> and apparently storing hibernate session object in wicket session was
> >>> causing similar issues.
> >>> Am doing the same and could this be one possible reason.
> >>>
> >>> I will try an upgrade, but unfortunately as I told I had tried for long to
> >>> replicate this is dev but in vain. Only way could be to release in Live and
> >>> test. But that would need quite a bit of convincing of my superiors (which
> >>> is a bit tricky for a junior developer like me - the application had been
> >>> coded and released 2 yrs back and no upgrade doen since those developers
> >>> left !! :-) ). But worth a shot.
> >>>
> >>> If it is a hibernate issue I can store the account Id instead of teh Account
> >>> object itself in wicket session and do a minor release.
> >>>
> >>> I will try an upgrade for 1.3.7 in the mean time in dev and see if I need
> >>> any code / API changes.
> >>>
> >>> Regards,
> >>> Soumya
> >>>
> >>>
> >>>
> >>> Martijn Dashorst wrote:
> >>>>
> >>>> Seriously... *BETA*? upgrade and then come back if things are still wrong.
> >>>>
> >>>> Martijn
> >>>>
> >>>> On Fri, Jan 8, 2010 at 1:21 PM, allgo <so...@yahoo.co.in> wrote:
> >>>>>
> >>>>> 1.3.0-beta3 actually. Copied it from the Manifest file
> >>>>>
> >>>>> Martijn Dashorst wrote:
> >>>>>>
> >>>>>> 1.3.0?
> >>>>>>
> >>>>>> Martijn
> >>>>>>
> >>>>>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
> >>>>>>>
> >>>>>>> Hi,
> >>>>>>> The wicket version is 1.3. Sorry should have mentioned that.
> >>>>>>>
> >>>>>>> As such the User A, after he logs on is getting assigned the Account
> >>>>>>> object
> >>>>>>> of User B. And after soem logs we can see that User B had logged on a
> >>>>>>> while
> >>>>>>> before. Hence that Accoutn object was definitely fetched a whiel
> >>>>>>> before.
> >>>>>>> I
> >>>>>>> did see a few threads which say Hibernate may eb a culprit but am not
> >>>>>>> sure
> >>>>>>> thats the case here.
> >>>>>>>
> >>>>>>> Please do let me know if you need any more info.
> >>>>>>> Thanks,
> >>>>>>> SSP
> >>>>>>>
> >>>>>>> Martijn Dashorst wrote:
> >>>>>>>>
> >>>>>>>> A wicket version number would be helpful...
> >>>>>>>>
> >>>>>>>> Martijn
> >>>>>>>>
> >>>>>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in>
> >>>>>>>> wrote:
> >>>>>>>>> Hi all,
> >>>>>>>>> I am fairly a newbie in wicket and would appreciate your help!
> >>>>>>>>>
> >>>>>>>>> I
> >>>>>>>>> have a wicket application which are used on Live by more than 500
> >>>>>>>>> users. Now the problem which has arisen is - say User A logs on - he
> >>>>>>>>> is
> >>>>>>>>> able to view details of User B. It has happened for different users
> >>>>>>>>> and
> >>>>>>>>> I am trying to dig the real reason.
> >>>>>>>>>
> >>>>>>>>> Here is my code details -
> >>>>>>>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on
> >>>>>>>>> the
> >>>>>>>>> username/password.
> >>>>>>>>>
> >>>>>>>>> 2) I use
> >>>>>>>>> MyAppSession extends WebSession
> >>>>>>>>> {
> >>>>>>>>> private Account account;
> >>>>>>>>>
> >>>>>>>>> public InboundSession(Request request)
> >>>>>>>>> {
> >>>>>>>>> super(request);
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> public void setAccount(Account account)
> >>>>>>>>> {
> >>>>>>>>> this.account = account;
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> public Account getAccount()
> >>>>>>>>> {
> >>>>>>>>> return account;
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> public boolean isUserLoggedIn()
> >>>>>>>>> {
> >>>>>>>>> return account !=null;
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>> So
> >>>>>>>>> effectively I check if the Account object in session is null or not
> >>>>>>>>> and
> >>>>>>>>> accordingly decide whether a user is logged in or not.
> >>>>>>>>>
> >>>>>>>>> 2) In Login class I pass on the username/password to
> >>>>>>>>> HibernateAccountDao
> >>>>>>>>> and fetch the Account object.
> >>>>>>>>> Account account = accountDao.getAccount(username, password)
> >>>>>>>>> MyAppSession session = (MyAppSession )getSession();
> >>>>>>>>> session.setAccount(account);
> >>>>>>>>> setResponsePage(Home.class);
> >>>>>>>>>
> >>>>>>>>> So effectively I fetch the accout object using hibernate and store it
> >>>>>>>>> in
> >>>>>>>>> wicket session.
> >>>>>>>>> But I am not sure how these account objects are getting mixed up
> >>>>>>>>> between
> >>>>>>>>> users.
> >>>>>>>>>
> >>>>>>>>> Please can someone lead me to the route cause of the issue?
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> Thanks in advance!
> >>>>>>>>> SSP
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
> >>>>>>>>> Homepage.
> >>>>>>>>> http://in.yahoo.com/
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> --
> >>>>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
> >>>>>>>> Apache Wicket 1.4 increases type safety for web applications
> >>>>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >>>>>>>>
> >>>>>>>> ---------------------------------------------------------------------
> >>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>> View this message in context:
> >>>>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
> >>>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
> >>>>>>>
> >>>>>>>
> >>>>>>> ---------------------------------------------------------------------
> >>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>>>
> >>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> --
> >>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
> >>>>>> Apache Wicket 1.4 increases type safety for web applications
> >>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >>>>>>
> >>>>>> ---------------------------------------------------------------------
> >>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>> --
> >>>>> View this message in context:
> >>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
> >>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
> >>>>>
> >>>>>
> >>>>> ---------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
> >>>> Apache Wicket 1.4 increases type safety for web applications
> >>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>>
> >>>>
> >>>>
> >>>
> >>> --
> >>> View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27076056.html
> >>> Sent from the Wicket - User mailing list archive at Nabble.com.
> >>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> >>> For additional commands, e-mail: users-help@wicket.apache.org
> >>>
> >>>
> >>
> >>
> >>
> >> --
> >> Become a Wicket expert, learn from the best: http://wicketinaction.com
> >> Apache Wicket 1.4 increases type safety for web applications
> >> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >>
> >
> >
> >
> > --
> > Become a Wicket expert, learn from the best: http://wicketinaction.com
> > Apache Wicket 1.4 increases type safety for web applications
> > Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
> >
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by Martijn Dashorst <ma...@gmail.com>.
the fix was a by-product of this issue:
https://issues.apache.org/jira/browse/WICKET-1409
So yes, upgrading to 1.3.4 or newer will fix your issue. Go convince
your management and tell them that it helps to keep up-to-date with
open source products because we tend to fix things (at no cost for
that matter!)
Martijn
On Fri, Jan 8, 2010 at 3:17 PM, Martijn Dashorst
<ma...@gmail.com> wrote:
> 1.3.4 fixed this issue....
>
> From the release notes [1]:
>
> * cross session leakage due to a dangling thread local in exceptional
> circumstances
> * memory leak in localizer (WICKET-1667)
>
> Martijn
>
> [1] http://wicket.apache.org/news.html#News-ApacheWicket1.3.4released%21
>
> On Fri, Jan 8, 2010 at 2:56 PM, Martijn Dashorst
> <ma...@gmail.com> wrote:
>> There has been a session leak somewhere in 1.3 iirc. This has to do
>> with the thread locals that store Session, RequestCycle and
>> Application during a request not being removed correctly.
>>
>> Martijn
>>
>> On Fri, Jan 8, 2010 at 2:38 PM, allgo <so...@yahoo.co.in> wrote:
>>>
>>> ok will do.
>>> But just a question to the experts - have you heard of this issue before?
>>> I went through the links below
>>> http://old.nabble.com/Storing-user-entity-in-session--tt22113666.html#a22113666
>>> http://old.nabble.com/Wicket-Session-and-threading-tt14595666.html#a14599963
>>>
>>>
>>> and apparently storing hibernate session object in wicket session was
>>> causing similar issues.
>>> Am doing the same and could this be one possible reason.
>>>
>>> I will try an upgrade, but unfortunately as I told I had tried for long to
>>> replicate this is dev but in vain. Only way could be to release in Live and
>>> test. But that would need quite a bit of convincing of my superiors (which
>>> is a bit tricky for a junior developer like me - the application had been
>>> coded and released 2 yrs back and no upgrade doen since those developers
>>> left !! :-) ). But worth a shot.
>>>
>>> If it is a hibernate issue I can store the account Id instead of teh Account
>>> object itself in wicket session and do a minor release.
>>>
>>> I will try an upgrade for 1.3.7 in the mean time in dev and see if I need
>>> any code / API changes.
>>>
>>> Regards,
>>> Soumya
>>>
>>>
>>>
>>> Martijn Dashorst wrote:
>>>>
>>>> Seriously... *BETA*? upgrade and then come back if things are still wrong.
>>>>
>>>> Martijn
>>>>
>>>> On Fri, Jan 8, 2010 at 1:21 PM, allgo <so...@yahoo.co.in> wrote:
>>>>>
>>>>> 1.3.0-beta3 actually. Copied it from the Manifest file
>>>>>
>>>>> Martijn Dashorst wrote:
>>>>>>
>>>>>> 1.3.0?
>>>>>>
>>>>>> Martijn
>>>>>>
>>>>>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>> The wicket version is 1.3. Sorry should have mentioned that.
>>>>>>>
>>>>>>> As such the User A, after he logs on is getting assigned the Account
>>>>>>> object
>>>>>>> of User B. And after soem logs we can see that User B had logged on a
>>>>>>> while
>>>>>>> before. Hence that Accoutn object was definitely fetched a whiel
>>>>>>> before.
>>>>>>> I
>>>>>>> did see a few threads which say Hibernate may eb a culprit but am not
>>>>>>> sure
>>>>>>> thats the case here.
>>>>>>>
>>>>>>> Please do let me know if you need any more info.
>>>>>>> Thanks,
>>>>>>> SSP
>>>>>>>
>>>>>>> Martijn Dashorst wrote:
>>>>>>>>
>>>>>>>> A wicket version number would be helpful...
>>>>>>>>
>>>>>>>> Martijn
>>>>>>>>
>>>>>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in>
>>>>>>>> wrote:
>>>>>>>>> Hi all,
>>>>>>>>> I am fairly a newbie in wicket and would appreciate your help!
>>>>>>>>>
>>>>>>>>> I
>>>>>>>>> have a wicket application which are used on Live by more than 500
>>>>>>>>> users. Now the problem which has arisen is - say User A logs on - he
>>>>>>>>> is
>>>>>>>>> able to view details of User B. It has happened for different users
>>>>>>>>> and
>>>>>>>>> I am trying to dig the real reason.
>>>>>>>>>
>>>>>>>>> Here is my code details -
>>>>>>>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on
>>>>>>>>> the
>>>>>>>>> username/password.
>>>>>>>>>
>>>>>>>>> 2) I use
>>>>>>>>> MyAppSession extends WebSession
>>>>>>>>> {
>>>>>>>>> private Account account;
>>>>>>>>>
>>>>>>>>> public InboundSession(Request request)
>>>>>>>>> {
>>>>>>>>> super(request);
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> public void setAccount(Account account)
>>>>>>>>> {
>>>>>>>>> this.account = account;
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> public Account getAccount()
>>>>>>>>> {
>>>>>>>>> return account;
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> public boolean isUserLoggedIn()
>>>>>>>>> {
>>>>>>>>> return account !=null;
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> }
>>>>>>>>>
>>>>>>>>> So
>>>>>>>>> effectively I check if the Account object in session is null or not
>>>>>>>>> and
>>>>>>>>> accordingly decide whether a user is logged in or not.
>>>>>>>>>
>>>>>>>>> 2) In Login class I pass on the username/password to
>>>>>>>>> HibernateAccountDao
>>>>>>>>> and fetch the Account object.
>>>>>>>>> Account account = accountDao.getAccount(username, password)
>>>>>>>>> MyAppSession session = (MyAppSession )getSession();
>>>>>>>>> session.setAccount(account);
>>>>>>>>> setResponsePage(Home.class);
>>>>>>>>>
>>>>>>>>> So effectively I fetch the accout object using hibernate and store it
>>>>>>>>> in
>>>>>>>>> wicket session.
>>>>>>>>> But I am not sure how these account objects are getting mixed up
>>>>>>>>> between
>>>>>>>>> users.
>>>>>>>>>
>>>>>>>>> Please can someone lead me to the route cause of the issue?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks in advance!
>>>>>>>>> SSP
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
>>>>>>>>> Homepage.
>>>>>>>>> http://in.yahoo.com/
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> View this message in context:
>>>>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
>>>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>>>>
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>> Apache Wicket 1.4 increases type safety for web applications
>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27076056.html
>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>>
>>
>> --
>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>> Apache Wicket 1.4 increases type safety for web applications
>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
> Apache Wicket 1.4 increases type safety for web applications
> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Apache Wicket 1.4 increases type safety for web applications
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by Martijn Dashorst <ma...@gmail.com>.
1.3.4 fixed this issue....
>From the release notes [1]:
* cross session leakage due to a dangling thread local in exceptional
circumstances
* memory leak in localizer (WICKET-1667)
Martijn
[1] http://wicket.apache.org/news.html#News-ApacheWicket1.3.4released%21
On Fri, Jan 8, 2010 at 2:56 PM, Martijn Dashorst
<ma...@gmail.com> wrote:
> There has been a session leak somewhere in 1.3 iirc. This has to do
> with the thread locals that store Session, RequestCycle and
> Application during a request not being removed correctly.
>
> Martijn
>
> On Fri, Jan 8, 2010 at 2:38 PM, allgo <so...@yahoo.co.in> wrote:
>>
>> ok will do.
>> But just a question to the experts - have you heard of this issue before?
>> I went through the links below
>> http://old.nabble.com/Storing-user-entity-in-session--tt22113666.html#a22113666
>> http://old.nabble.com/Wicket-Session-and-threading-tt14595666.html#a14599963
>>
>>
>> and apparently storing hibernate session object in wicket session was
>> causing similar issues.
>> Am doing the same and could this be one possible reason.
>>
>> I will try an upgrade, but unfortunately as I told I had tried for long to
>> replicate this is dev but in vain. Only way could be to release in Live and
>> test. But that would need quite a bit of convincing of my superiors (which
>> is a bit tricky for a junior developer like me - the application had been
>> coded and released 2 yrs back and no upgrade doen since those developers
>> left !! :-) ). But worth a shot.
>>
>> If it is a hibernate issue I can store the account Id instead of teh Account
>> object itself in wicket session and do a minor release.
>>
>> I will try an upgrade for 1.3.7 in the mean time in dev and see if I need
>> any code / API changes.
>>
>> Regards,
>> Soumya
>>
>>
>>
>> Martijn Dashorst wrote:
>>>
>>> Seriously... *BETA*? upgrade and then come back if things are still wrong.
>>>
>>> Martijn
>>>
>>> On Fri, Jan 8, 2010 at 1:21 PM, allgo <so...@yahoo.co.in> wrote:
>>>>
>>>> 1.3.0-beta3 actually. Copied it from the Manifest file
>>>>
>>>> Martijn Dashorst wrote:
>>>>>
>>>>> 1.3.0?
>>>>>
>>>>> Martijn
>>>>>
>>>>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
>>>>>>
>>>>>> Hi,
>>>>>> The wicket version is 1.3. Sorry should have mentioned that.
>>>>>>
>>>>>> As such the User A, after he logs on is getting assigned the Account
>>>>>> object
>>>>>> of User B. And after soem logs we can see that User B had logged on a
>>>>>> while
>>>>>> before. Hence that Accoutn object was definitely fetched a whiel
>>>>>> before.
>>>>>> I
>>>>>> did see a few threads which say Hibernate may eb a culprit but am not
>>>>>> sure
>>>>>> thats the case here.
>>>>>>
>>>>>> Please do let me know if you need any more info.
>>>>>> Thanks,
>>>>>> SSP
>>>>>>
>>>>>> Martijn Dashorst wrote:
>>>>>>>
>>>>>>> A wicket version number would be helpful...
>>>>>>>
>>>>>>> Martijn
>>>>>>>
>>>>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in>
>>>>>>> wrote:
>>>>>>>> Hi all,
>>>>>>>> I am fairly a newbie in wicket and would appreciate your help!
>>>>>>>>
>>>>>>>> I
>>>>>>>> have a wicket application which are used on Live by more than 500
>>>>>>>> users. Now the problem which has arisen is - say User A logs on - he
>>>>>>>> is
>>>>>>>> able to view details of User B. It has happened for different users
>>>>>>>> and
>>>>>>>> I am trying to dig the real reason.
>>>>>>>>
>>>>>>>> Here is my code details -
>>>>>>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on
>>>>>>>> the
>>>>>>>> username/password.
>>>>>>>>
>>>>>>>> 2) I use
>>>>>>>> MyAppSession extends WebSession
>>>>>>>> {
>>>>>>>> private Account account;
>>>>>>>>
>>>>>>>> public InboundSession(Request request)
>>>>>>>> {
>>>>>>>> super(request);
>>>>>>>> }
>>>>>>>>
>>>>>>>> public void setAccount(Account account)
>>>>>>>> {
>>>>>>>> this.account = account;
>>>>>>>> }
>>>>>>>>
>>>>>>>>
>>>>>>>> public Account getAccount()
>>>>>>>> {
>>>>>>>> return account;
>>>>>>>> }
>>>>>>>>
>>>>>>>> public boolean isUserLoggedIn()
>>>>>>>> {
>>>>>>>> return account !=null;
>>>>>>>> }
>>>>>>>>
>>>>>>>> }
>>>>>>>>
>>>>>>>> So
>>>>>>>> effectively I check if the Account object in session is null or not
>>>>>>>> and
>>>>>>>> accordingly decide whether a user is logged in or not.
>>>>>>>>
>>>>>>>> 2) In Login class I pass on the username/password to
>>>>>>>> HibernateAccountDao
>>>>>>>> and fetch the Account object.
>>>>>>>> Account account = accountDao.getAccount(username, password)
>>>>>>>> MyAppSession session = (MyAppSession )getSession();
>>>>>>>> session.setAccount(account);
>>>>>>>> setResponsePage(Home.class);
>>>>>>>>
>>>>>>>> So effectively I fetch the accout object using hibernate and store it
>>>>>>>> in
>>>>>>>> wicket session.
>>>>>>>> But I am not sure how these account objects are getting mixed up
>>>>>>>> between
>>>>>>>> users.
>>>>>>>>
>>>>>>>> Please can someone lead me to the route cause of the issue?
>>>>>>>>
>>>>>>>>
>>>>>>>> Thanks in advance!
>>>>>>>> SSP
>>>>>>>>
>>>>>>>>
>>>>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
>>>>>>>> Homepage.
>>>>>>>> http://in.yahoo.com/
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>>>
>>>>>>> ---------------------------------------------------------------------
>>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> View this message in context:
>>>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
>>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>> Apache Wicket 1.4 increases type safety for web applications
>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> --
>> View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27076056.html
>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
> Apache Wicket 1.4 increases type safety for web applications
> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Apache Wicket 1.4 increases type safety for web applications
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by Martijn Dashorst <ma...@gmail.com>.
There has been a session leak somewhere in 1.3 iirc. This has to do
with the thread locals that store Session, RequestCycle and
Application during a request not being removed correctly.
Martijn
On Fri, Jan 8, 2010 at 2:38 PM, allgo <so...@yahoo.co.in> wrote:
>
> ok will do.
> But just a question to the experts - have you heard of this issue before?
> I went through the links below
> http://old.nabble.com/Storing-user-entity-in-session--tt22113666.html#a22113666
> http://old.nabble.com/Wicket-Session-and-threading-tt14595666.html#a14599963
>
>
> and apparently storing hibernate session object in wicket session was
> causing similar issues.
> Am doing the same and could this be one possible reason.
>
> I will try an upgrade, but unfortunately as I told I had tried for long to
> replicate this is dev but in vain. Only way could be to release in Live and
> test. But that would need quite a bit of convincing of my superiors (which
> is a bit tricky for a junior developer like me - the application had been
> coded and released 2 yrs back and no upgrade doen since those developers
> left !! :-) ). But worth a shot.
>
> If it is a hibernate issue I can store the account Id instead of teh Account
> object itself in wicket session and do a minor release.
>
> I will try an upgrade for 1.3.7 in the mean time in dev and see if I need
> any code / API changes.
>
> Regards,
> Soumya
>
>
>
> Martijn Dashorst wrote:
>>
>> Seriously... *BETA*? upgrade and then come back if things are still wrong.
>>
>> Martijn
>>
>> On Fri, Jan 8, 2010 at 1:21 PM, allgo <so...@yahoo.co.in> wrote:
>>>
>>> 1.3.0-beta3 actually. Copied it from the Manifest file
>>>
>>> Martijn Dashorst wrote:
>>>>
>>>> 1.3.0?
>>>>
>>>> Martijn
>>>>
>>>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
>>>>>
>>>>> Hi,
>>>>> The wicket version is 1.3. Sorry should have mentioned that.
>>>>>
>>>>> As such the User A, after he logs on is getting assigned the Account
>>>>> object
>>>>> of User B. And after soem logs we can see that User B had logged on a
>>>>> while
>>>>> before. Hence that Accoutn object was definitely fetched a whiel
>>>>> before.
>>>>> I
>>>>> did see a few threads which say Hibernate may eb a culprit but am not
>>>>> sure
>>>>> thats the case here.
>>>>>
>>>>> Please do let me know if you need any more info.
>>>>> Thanks,
>>>>> SSP
>>>>>
>>>>> Martijn Dashorst wrote:
>>>>>>
>>>>>> A wicket version number would be helpful...
>>>>>>
>>>>>> Martijn
>>>>>>
>>>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in>
>>>>>> wrote:
>>>>>>> Hi all,
>>>>>>> I am fairly a newbie in wicket and would appreciate your help!
>>>>>>>
>>>>>>> I
>>>>>>> have a wicket application which are used on Live by more than 500
>>>>>>> users. Now the problem which has arisen is - say User A logs on - he
>>>>>>> is
>>>>>>> able to view details of User B. It has happened for different users
>>>>>>> and
>>>>>>> I am trying to dig the real reason.
>>>>>>>
>>>>>>> Here is my code details -
>>>>>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on
>>>>>>> the
>>>>>>> username/password.
>>>>>>>
>>>>>>> 2) I use
>>>>>>> MyAppSession extends WebSession
>>>>>>> {
>>>>>>> private Account account;
>>>>>>>
>>>>>>> public InboundSession(Request request)
>>>>>>> {
>>>>>>> super(request);
>>>>>>> }
>>>>>>>
>>>>>>> public void setAccount(Account account)
>>>>>>> {
>>>>>>> this.account = account;
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>> public Account getAccount()
>>>>>>> {
>>>>>>> return account;
>>>>>>> }
>>>>>>>
>>>>>>> public boolean isUserLoggedIn()
>>>>>>> {
>>>>>>> return account !=null;
>>>>>>> }
>>>>>>>
>>>>>>> }
>>>>>>>
>>>>>>> So
>>>>>>> effectively I check if the Account object in session is null or not
>>>>>>> and
>>>>>>> accordingly decide whether a user is logged in or not.
>>>>>>>
>>>>>>> 2) In Login class I pass on the username/password to
>>>>>>> HibernateAccountDao
>>>>>>> and fetch the Account object.
>>>>>>> Account account = accountDao.getAccount(username, password)
>>>>>>> MyAppSession session = (MyAppSession )getSession();
>>>>>>> session.setAccount(account);
>>>>>>> setResponsePage(Home.class);
>>>>>>>
>>>>>>> So effectively I fetch the accout object using hibernate and store it
>>>>>>> in
>>>>>>> wicket session.
>>>>>>> But I am not sure how these account objects are getting mixed up
>>>>>>> between
>>>>>>> users.
>>>>>>>
>>>>>>> Please can someone lead me to the route cause of the issue?
>>>>>>>
>>>>>>>
>>>>>>> Thanks in advance!
>>>>>>> SSP
>>>>>>>
>>>>>>>
>>>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
>>>>>>> Homepage.
>>>>>>> http://in.yahoo.com/
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> View this message in context:
>>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
>>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>> Apache Wicket 1.4 increases type safety for web applications
>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>>
>>
>> --
>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>> Apache Wicket 1.4 increases type safety for web applications
>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> --
> View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27076056.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Apache Wicket 1.4 increases type safety for web applications
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by allgo <so...@yahoo.co.in>.
ok will do.
But just a question to the experts - have you heard of this issue before?
I went through the links below
http://old.nabble.com/Storing-user-entity-in-session--tt22113666.html#a22113666
http://old.nabble.com/Wicket-Session-and-threading-tt14595666.html#a14599963
and apparently storing hibernate session object in wicket session was
causing similar issues.
Am doing the same and could this be one possible reason.
I will try an upgrade, but unfortunately as I told I had tried for long to
replicate this is dev but in vain. Only way could be to release in Live and
test. But that would need quite a bit of convincing of my superiors (which
is a bit tricky for a junior developer like me - the application had been
coded and released 2 yrs back and no upgrade doen since those developers
left !! :-) ). But worth a shot.
If it is a hibernate issue I can store the account Id instead of teh Account
object itself in wicket session and do a minor release.
I will try an upgrade for 1.3.7 in the mean time in dev and see if I need
any code / API changes.
Regards,
Soumya
Martijn Dashorst wrote:
>
> Seriously... *BETA*? upgrade and then come back if things are still wrong.
>
> Martijn
>
> On Fri, Jan 8, 2010 at 1:21 PM, allgo <so...@yahoo.co.in> wrote:
>>
>> 1.3.0-beta3 actually. Copied it from the Manifest file
>>
>> Martijn Dashorst wrote:
>>>
>>> 1.3.0?
>>>
>>> Martijn
>>>
>>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
>>>>
>>>> Hi,
>>>> The wicket version is 1.3. Sorry should have mentioned that.
>>>>
>>>> As such the User A, after he logs on is getting assigned the Account
>>>> object
>>>> of User B. And after soem logs we can see that User B had logged on a
>>>> while
>>>> before. Hence that Accoutn object was definitely fetched a whiel
>>>> before.
>>>> I
>>>> did see a few threads which say Hibernate may eb a culprit but am not
>>>> sure
>>>> thats the case here.
>>>>
>>>> Please do let me know if you need any more info.
>>>> Thanks,
>>>> SSP
>>>>
>>>> Martijn Dashorst wrote:
>>>>>
>>>>> A wicket version number would be helpful...
>>>>>
>>>>> Martijn
>>>>>
>>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in>
>>>>> wrote:
>>>>>> Hi all,
>>>>>> I am fairly a newbie in wicket and would appreciate your help!
>>>>>>
>>>>>> I
>>>>>> have a wicket application which are used on Live by more than 500
>>>>>> users. Now the problem which has arisen is - say User A logs on - he
>>>>>> is
>>>>>> able to view details of User B. It has happened for different users
>>>>>> and
>>>>>> I am trying to dig the real reason.
>>>>>>
>>>>>> Here is my code details -
>>>>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on
>>>>>> the
>>>>>> username/password.
>>>>>>
>>>>>> 2) I use
>>>>>> MyAppSession extends WebSession
>>>>>> {
>>>>>> private Account account;
>>>>>>
>>>>>> public InboundSession(Request request)
>>>>>> {
>>>>>> super(request);
>>>>>> }
>>>>>>
>>>>>> public void setAccount(Account account)
>>>>>> {
>>>>>> this.account = account;
>>>>>> }
>>>>>>
>>>>>>
>>>>>> public Account getAccount()
>>>>>> {
>>>>>> return account;
>>>>>> }
>>>>>>
>>>>>> public boolean isUserLoggedIn()
>>>>>> {
>>>>>> return account !=null;
>>>>>> }
>>>>>>
>>>>>> }
>>>>>>
>>>>>> So
>>>>>> effectively I check if the Account object in session is null or not
>>>>>> and
>>>>>> accordingly decide whether a user is logged in or not.
>>>>>>
>>>>>> 2) In Login class I pass on the username/password to
>>>>>> HibernateAccountDao
>>>>>> and fetch the Account object.
>>>>>> Account account = accountDao.getAccount(username, password)
>>>>>> MyAppSession session = (MyAppSession )getSession();
>>>>>> session.setAccount(account);
>>>>>> setResponsePage(Home.class);
>>>>>>
>>>>>> So effectively I fetch the accout object using hibernate and store it
>>>>>> in
>>>>>> wicket session.
>>>>>> But I am not sure how these account objects are getting mixed up
>>>>>> between
>>>>>> users.
>>>>>>
>>>>>> Please can someone lead me to the route cause of the issue?
>>>>>>
>>>>>>
>>>>>> Thanks in advance!
>>>>>> SSP
>>>>>>
>>>>>>
>>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
>>>>>> Homepage.
>>>>>> http://in.yahoo.com/
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>>> Apache Wicket 1.4 increases type safety for web applications
>>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> View this message in context:
>>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
>>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>> Apache Wicket 1.4 increases type safety for web applications
>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
> Apache Wicket 1.4 increases type safety for web applications
> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27076056.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by Martijn Dashorst <ma...@gmail.com>.
Seriously... *BETA*? upgrade and then come back if things are still wrong.
Martijn
On Fri, Jan 8, 2010 at 1:21 PM, allgo <so...@yahoo.co.in> wrote:
>
> 1.3.0-beta3 actually. Copied it from the Manifest file
>
> Martijn Dashorst wrote:
>>
>> 1.3.0?
>>
>> Martijn
>>
>> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
>>>
>>> Hi,
>>> The wicket version is 1.3. Sorry should have mentioned that.
>>>
>>> As such the User A, after he logs on is getting assigned the Account
>>> object
>>> of User B. And after soem logs we can see that User B had logged on a
>>> while
>>> before. Hence that Accoutn object was definitely fetched a whiel before.
>>> I
>>> did see a few threads which say Hibernate may eb a culprit but am not
>>> sure
>>> thats the case here.
>>>
>>> Please do let me know if you need any more info.
>>> Thanks,
>>> SSP
>>>
>>> Martijn Dashorst wrote:
>>>>
>>>> A wicket version number would be helpful...
>>>>
>>>> Martijn
>>>>
>>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in> wrote:
>>>>> Hi all,
>>>>> I am fairly a newbie in wicket and would appreciate your help!
>>>>>
>>>>> I
>>>>> have a wicket application which are used on Live by more than 500
>>>>> users. Now the problem which has arisen is - say User A logs on - he is
>>>>> able to view details of User B. It has happened for different users and
>>>>> I am trying to dig the real reason.
>>>>>
>>>>> Here is my code details -
>>>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on
>>>>> the
>>>>> username/password.
>>>>>
>>>>> 2) I use
>>>>> MyAppSession extends WebSession
>>>>> {
>>>>> private Account account;
>>>>>
>>>>> public InboundSession(Request request)
>>>>> {
>>>>> super(request);
>>>>> }
>>>>>
>>>>> public void setAccount(Account account)
>>>>> {
>>>>> this.account = account;
>>>>> }
>>>>>
>>>>>
>>>>> public Account getAccount()
>>>>> {
>>>>> return account;
>>>>> }
>>>>>
>>>>> public boolean isUserLoggedIn()
>>>>> {
>>>>> return account !=null;
>>>>> }
>>>>>
>>>>> }
>>>>>
>>>>> So
>>>>> effectively I check if the Account object in session is null or not and
>>>>> accordingly decide whether a user is logged in or not.
>>>>>
>>>>> 2) In Login class I pass on the username/password to
>>>>> HibernateAccountDao
>>>>> and fetch the Account object.
>>>>> Account account = accountDao.getAccount(username, password)
>>>>> MyAppSession session = (MyAppSession )getSession();
>>>>> session.setAccount(account);
>>>>> setResponsePage(Home.class);
>>>>>
>>>>> So effectively I fetch the accout object using hibernate and store it
>>>>> in
>>>>> wicket session.
>>>>> But I am not sure how these account objects are getting mixed up
>>>>> between
>>>>> users.
>>>>>
>>>>> Please can someone lead me to the route cause of the issue?
>>>>>
>>>>>
>>>>> Thanks in advance!
>>>>> SSP
>>>>>
>>>>>
>>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
>>>>> Homepage.
>>>>> http://in.yahoo.com/
>>>>
>>>>
>>>>
>>>> --
>>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>>> Apache Wicket 1.4 increases type safety for web applications
>>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>>
>>>>
>>>>
>>>
>>> --
>>> View this message in context:
>>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
>>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>
>>
>>
>> --
>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>> Apache Wicket 1.4 increases type safety for web applications
>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> --
> View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Apache Wicket 1.4 increases type safety for web applications
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by allgo <so...@yahoo.co.in>.
1.3.0-beta3 actually. Copied it from the Manifest file
Martijn Dashorst wrote:
>
> 1.3.0?
>
> Martijn
>
> On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
>>
>> Hi,
>> The wicket version is 1.3. Sorry should have mentioned that.
>>
>> As such the User A, after he logs on is getting assigned the Account
>> object
>> of User B. And after soem logs we can see that User B had logged on a
>> while
>> before. Hence that Accoutn object was definitely fetched a whiel before.
>> I
>> did see a few threads which say Hibernate may eb a culprit but am not
>> sure
>> thats the case here.
>>
>> Please do let me know if you need any more info.
>> Thanks,
>> SSP
>>
>> Martijn Dashorst wrote:
>>>
>>> A wicket version number would be helpful...
>>>
>>> Martijn
>>>
>>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in> wrote:
>>>> Hi all,
>>>> I am fairly a newbie in wicket and would appreciate your help!
>>>>
>>>> I
>>>> have a wicket application which are used on Live by more than 500
>>>> users. Now the problem which has arisen is - say User A logs on - he is
>>>> able to view details of User B. It has happened for different users and
>>>> I am trying to dig the real reason.
>>>>
>>>> Here is my code details -
>>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on
>>>> the
>>>> username/password.
>>>>
>>>> 2) I use
>>>> MyAppSession extends WebSession
>>>> {
>>>> private Account account;
>>>>
>>>> public InboundSession(Request request)
>>>> {
>>>> super(request);
>>>> }
>>>>
>>>> public void setAccount(Account account)
>>>> {
>>>> this.account = account;
>>>> }
>>>>
>>>>
>>>> public Account getAccount()
>>>> {
>>>> return account;
>>>> }
>>>>
>>>> public boolean isUserLoggedIn()
>>>> {
>>>> return account !=null;
>>>> }
>>>>
>>>> }
>>>>
>>>> So
>>>> effectively I check if the Account object in session is null or not and
>>>> accordingly decide whether a user is logged in or not.
>>>>
>>>> 2) In Login class I pass on the username/password to
>>>> HibernateAccountDao
>>>> and fetch the Account object.
>>>> Account account = accountDao.getAccount(username, password)
>>>> MyAppSession session = (MyAppSession )getSession();
>>>> session.setAccount(account);
>>>> setResponsePage(Home.class);
>>>>
>>>> So effectively I fetch the accout object using hibernate and store it
>>>> in
>>>> wicket session.
>>>> But I am not sure how these account objects are getting mixed up
>>>> between
>>>> users.
>>>>
>>>> Please can someone lead me to the route cause of the issue?
>>>>
>>>>
>>>> Thanks in advance!
>>>> SSP
>>>>
>>>>
>>>> The INTERNET now has a personality. YOURS! See your Yahoo!
>>>> Homepage.
>>>> http://in.yahoo.com/
>>>
>>>
>>>
>>> --
>>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>>> Apache Wicket 1.4 increases type safety for web applications
>>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>>> For additional commands, e-mail: users-help@wicket.apache.org
>>>
>>>
>>>
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
>> Sent from the Wicket - User mailing list archive at Nabble.com.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
> Apache Wicket 1.4 increases type safety for web applications
> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075144.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by Martijn Dashorst <ma...@gmail.com>.
1.3.0?
Martijn
On Fri, Jan 8, 2010 at 1:12 PM, allgo <so...@yahoo.co.in> wrote:
>
> Hi,
> The wicket version is 1.3. Sorry should have mentioned that.
>
> As such the User A, after he logs on is getting assigned the Account object
> of User B. And after soem logs we can see that User B had logged on a while
> before. Hence that Accoutn object was definitely fetched a whiel before. I
> did see a few threads which say Hibernate may eb a culprit but am not sure
> thats the case here.
>
> Please do let me know if you need any more info.
> Thanks,
> SSP
>
> Martijn Dashorst wrote:
>>
>> A wicket version number would be helpful...
>>
>> Martijn
>>
>> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in> wrote:
>>> Hi all,
>>> I am fairly a newbie in wicket and would appreciate your help!
>>>
>>> I
>>> have a wicket application which are used on Live by more than 500
>>> users. Now the problem which has arisen is - say User A logs on - he is
>>> able to view details of User B. It has happened for different users and
>>> I am trying to dig the real reason.
>>>
>>> Here is my code details -
>>> 1) I use Hibernate to fetch 'Account' objects from backend passing on the
>>> username/password.
>>>
>>> 2) I use
>>> MyAppSession extends WebSession
>>> {
>>> private Account account;
>>>
>>> public InboundSession(Request request)
>>> {
>>> super(request);
>>> }
>>>
>>> public void setAccount(Account account)
>>> {
>>> this.account = account;
>>> }
>>>
>>>
>>> public Account getAccount()
>>> {
>>> return account;
>>> }
>>>
>>> public boolean isUserLoggedIn()
>>> {
>>> return account !=null;
>>> }
>>>
>>> }
>>>
>>> So
>>> effectively I check if the Account object in session is null or not and
>>> accordingly decide whether a user is logged in or not.
>>>
>>> 2) In Login class I pass on the username/password to HibernateAccountDao
>>> and fetch the Account object.
>>> Account account = accountDao.getAccount(username, password)
>>> MyAppSession session = (MyAppSession )getSession();
>>> session.setAccount(account);
>>> setResponsePage(Home.class);
>>>
>>> So effectively I fetch the accout object using hibernate and store it in
>>> wicket session.
>>> But I am not sure how these account objects are getting mixed up between
>>> users.
>>>
>>> Please can someone lead me to the route cause of the issue?
>>>
>>>
>>> Thanks in advance!
>>> SSP
>>>
>>>
>>> The INTERNET now has a personality. YOURS! See your Yahoo! Homepage.
>>> http://in.yahoo.com/
>>
>>
>>
>> --
>> Become a Wicket expert, learn from the best: http://wicketinaction.com
>> Apache Wicket 1.4 increases type safety for web applications
>> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
>>
>
> --
> View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
> Sent from the Wicket - User mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Apache Wicket 1.4 increases type safety for web applications
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by allgo <so...@yahoo.co.in>.
Hi,
The wicket version is 1.3. Sorry should have mentioned that.
As such the User A, after he logs on is getting assigned the Account object
of User B. And after soem logs we can see that User B had logged on a while
before. Hence that Accoutn object was definitely fetched a whiel before. I
did see a few threads which say Hibernate may eb a culprit but am not sure
thats the case here.
Please do let me know if you need any more info.
Thanks,
SSP
Martijn Dashorst wrote:
>
> A wicket version number would be helpful...
>
> Martijn
>
> On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in> wrote:
>> Hi all,
>> I am fairly a newbie in wicket and would appreciate your help!
>>
>> I
>> have a wicket application which are used on Live by more than 500
>> users. Now the problem which has arisen is - say User A logs on - he is
>> able to view details of User B. It has happened for different users and
>> I am trying to dig the real reason.
>>
>> Here is my code details -
>> 1) I use Hibernate to fetch 'Account' objects from backend passing on the
>> username/password.
>>
>> 2) I use
>> MyAppSession extends WebSession
>> {
>> private Account account;
>>
>> public InboundSession(Request request)
>> {
>> super(request);
>> }
>>
>> public void setAccount(Account account)
>> {
>> this.account = account;
>> }
>>
>>
>> public Account getAccount()
>> {
>> return account;
>> }
>>
>> public boolean isUserLoggedIn()
>> {
>> return account !=null;
>> }
>>
>> }
>>
>> So
>> effectively I check if the Account object in session is null or not and
>> accordingly decide whether a user is logged in or not.
>>
>> 2) In Login class I pass on the username/password to HibernateAccountDao
>> and fetch the Account object.
>> Account account = accountDao.getAccount(username, password)
>> MyAppSession session = (MyAppSession )getSession();
>> session.setAccount(account);
>> setResponsePage(Home.class);
>>
>> So effectively I fetch the accout object using hibernate and store it in
>> wicket session.
>> But I am not sure how these account objects are getting mixed up between
>> users.
>>
>> Please can someone lead me to the route cause of the issue?
>>
>>
>> Thanks in advance!
>> SSP
>>
>>
>> The INTERNET now has a personality. YOURS! See your Yahoo! Homepage.
>> http://in.yahoo.com/
>
>
>
> --
> Become a Wicket expert, learn from the best: http://wicketinaction.com
> Apache Wicket 1.4 increases type safety for web applications
> Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27075050.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: Wicket session not threadsafe?
Posted by Martijn Dashorst <ma...@gmail.com>.
A wicket version number would be helpful...
Martijn
On Fri, Jan 8, 2010 at 12:17 PM, Soumya <so...@yahoo.co.in> wrote:
> Hi all,
> I am fairly a newbie in wicket and would appreciate your help!
>
> I
> have a wicket application which are used on Live by more than 500
> users. Now the problem which has arisen is - say User A logs on - he is
> able to view details of User B. It has happened for different users and
> I am trying to dig the real reason.
>
> Here is my code details -
> 1) I use Hibernate to fetch 'Account' objects from backend passing on the username/password.
>
> 2) I use
> MyAppSession extends WebSession
> {
> private Account account;
>
> public InboundSession(Request request)
> {
> super(request);
> }
>
> public void setAccount(Account account)
> {
> this.account = account;
> }
>
>
> public Account getAccount()
> {
> return account;
> }
>
> public boolean isUserLoggedIn()
> {
> return account !=null;
> }
>
> }
>
> So
> effectively I check if the Account object in session is null or not and
> accordingly decide whether a user is logged in or not.
>
> 2) In Login class I pass on the username/password to HibernateAccountDao and fetch the Account object.
> Account account = accountDao.getAccount(username, password)
> MyAppSession session = (MyAppSession )getSession();
> session.setAccount(account);
> setResponsePage(Home.class);
>
> So effectively I fetch the accout object using hibernate and store it in wicket session.
> But I am not sure how these account objects are getting mixed up between users.
>
> Please can someone lead me to the route cause of the issue?
>
>
> Thanks in advance!
> SSP
>
>
> The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/
--
Become a Wicket expert, learn from the best: http://wicketinaction.com
Apache Wicket 1.4 increases type safety for web applications
Get it now: http://www.apache.org/dyn/closer.cgi/wicket/1.4.4
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: Wicket session not threadsafe?
Posted by "Loritsch, Berin C." <Be...@gd-ais.com>.
Essentially your response headers should have the following headers:
Cache-Control: no-cache, no-store
Pragma: no-cache
For more details on HTTP response headers and cache controls see this
page:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
Not all proxy servers are documented, unfortunately. If your system
lives in a DMZ (which it sounds like it might), then the proxy server
might be within your ISP.
-----Original Message-----
From: allgo [mailto:soumya_ssp@yahoo.co.in]
Sent: Friday, January 08, 2010 8:44 AM
To: users@wicket.apache.org
Subject: RE: Wicket session not threadsafe?
Hi Berin,
No the users are all from different companies and no way there woudl be
caching of their side. User A belongs to a client X say working in New
York
, while User B may be of client Y working in texas.
It doesnt happen in test environment. but then that is not a multi-user
environment in true sense of teh word. As hardly 3-4 people test it and
we
never got into that situation. For live however there are 500+ users
using
it everyday.
"no-cache" entry? I am bit sketchy on this one. Can you give an example?
Thanks for ur help.
Loritsch, Berin C. wrote:
>
> The session object is bound to the HttpSession, so it is as safe as
Tomcat
> or whatever servlet container is running your application.
>
> Here are some things to consider that have bit me in the butt, and
have
> nothing to do with your local setup:
>
> * Is that happening locally in your test environment?
> * Does your client have caching proxies? (do they even know?)
> * Do your response headers have the "no-cache" entries?
>
> What might be happening is the first person to log in through the
caching
> proxy gets their information cached by the proxy. The second person
comes
> in and sees it. Typically the problem has to do with poorly
configured
> proxy servers and they don't properly distinguish the pages with the
cache
> control headers you supply. The only way around it is to turn off
client
> caching completely.
>
> -----Original Message-----
> From: Soumya [mailto:soumya_ssp@yahoo.co.in]
> Sent: Friday, January 08, 2010 6:18 AM
> To: users@wicket.apache.org
> Subject: Wicket session not threadsafe?
>
> Hi all,
> I am fairly a newbie in wicket and would appreciate your help!
>
> I
> have a wicket application which are used on Live by more than 500
> users. Now the problem which has arisen is - say User A logs on - he
is
> able to view details of User B. It has happened for different users
and
> I am trying to dig the real reason.
>
> Here is my code details -
> 1) I use Hibernate to fetch 'Account' objects from backend passing on
the
> username/password.
>
> 2) I use
> MyAppSession extends WebSession
> {
> private Account account;
>
> public InboundSession(Request request)
> {
> super(request);
> }
>
> public void setAccount(Account account)
> {
> this.account = account;
> }
>
>
> public Account getAccount()
> {
> return account;
> }
>
> public boolean isUserLoggedIn()
> {
> return account !=null;
> }
>
> }
>
> So
> effectively I check if the Account object in session is null or not
and
> accordingly decide whether a user is logged in or not.
>
> 2) In Login class I pass on the username/password to
HibernateAccountDao
> and fetch the Account object.
> Account account = accountDao.getAccount(username, password)
> MyAppSession session = (MyAppSession )getSession();
> session.setAccount(account);
> setResponsePage(Home.class);
>
> So effectively I fetch the accout object using hibernate and store it
in
> wicket session.
> But I am not sure how these account objects are getting mixed up
between
> users.
>
> Please can someone lead me to the route cause of the issue?
>
>
> Thanks in advance!
> SSP
>
>
> The INTERNET now has a personality. YOURS! See your Yahoo!
Homepage.
> http://in.yahoo.com/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context:
http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27076126
.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: Wicket session not threadsafe?
Posted by allgo <so...@yahoo.co.in>.
Hi Berin,
No the users are all from different companies and no way there woudl be
caching of their side. User A belongs to a client X say working in New York
, while User B may be of client Y working in texas.
It doesnt happen in test environment. but then that is not a multi-user
environment in true sense of teh word. As hardly 3-4 people test it and we
never got into that situation. For live however there are 500+ users using
it everyday.
"no-cache" entry? I am bit sketchy on this one. Can you give an example?
Thanks for ur help.
Loritsch, Berin C. wrote:
>
> The session object is bound to the HttpSession, so it is as safe as Tomcat
> or whatever servlet container is running your application.
>
> Here are some things to consider that have bit me in the butt, and have
> nothing to do with your local setup:
>
> * Is that happening locally in your test environment?
> * Does your client have caching proxies? (do they even know?)
> * Do your response headers have the "no-cache" entries?
>
> What might be happening is the first person to log in through the caching
> proxy gets their information cached by the proxy. The second person comes
> in and sees it. Typically the problem has to do with poorly configured
> proxy servers and they don't properly distinguish the pages with the cache
> control headers you supply. The only way around it is to turn off client
> caching completely.
>
> -----Original Message-----
> From: Soumya [mailto:soumya_ssp@yahoo.co.in]
> Sent: Friday, January 08, 2010 6:18 AM
> To: users@wicket.apache.org
> Subject: Wicket session not threadsafe?
>
> Hi all,
> I am fairly a newbie in wicket and would appreciate your help!
>
> I
> have a wicket application which are used on Live by more than 500
> users. Now the problem which has arisen is - say User A logs on - he is
> able to view details of User B. It has happened for different users and
> I am trying to dig the real reason.
>
> Here is my code details -
> 1) I use Hibernate to fetch 'Account' objects from backend passing on the
> username/password.
>
> 2) I use
> MyAppSession extends WebSession
> {
> private Account account;
>
> public InboundSession(Request request)
> {
> super(request);
> }
>
> public void setAccount(Account account)
> {
> this.account = account;
> }
>
>
> public Account getAccount()
> {
> return account;
> }
>
> public boolean isUserLoggedIn()
> {
> return account !=null;
> }
>
> }
>
> So
> effectively I check if the Account object in session is null or not and
> accordingly decide whether a user is logged in or not.
>
> 2) In Login class I pass on the username/password to HibernateAccountDao
> and fetch the Account object.
> Account account = accountDao.getAccount(username, password)
> MyAppSession session = (MyAppSession )getSession();
> session.setAccount(account);
> setResponsePage(Home.class);
>
> So effectively I fetch the accout object using hibernate and store it in
> wicket session.
> But I am not sure how these account objects are getting mixed up between
> users.
>
> Please can someone lead me to the route cause of the issue?
>
>
> Thanks in advance!
> SSP
>
>
> The INTERNET now has a personality. YOURS! See your Yahoo! Homepage.
> http://in.yahoo.com/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
>
--
View this message in context: http://old.nabble.com/Wicket-session-not-threadsafe--tp27074491p27076126.html
Sent from the Wicket - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
RE: Wicket session not threadsafe?
Posted by "Loritsch, Berin C." <Be...@gd-ais.com>.
The session object is bound to the HttpSession, so it is as safe as Tomcat or whatever servlet container is running your application.
Here are some things to consider that have bit me in the butt, and have nothing to do with your local setup:
* Is that happening locally in your test environment?
* Does your client have caching proxies? (do they even know?)
* Do your response headers have the "no-cache" entries?
What might be happening is the first person to log in through the caching proxy gets their information cached by the proxy. The second person comes in and sees it. Typically the problem has to do with poorly configured proxy servers and they don't properly distinguish the pages with the cache control headers you supply. The only way around it is to turn off client caching completely.
-----Original Message-----
From: Soumya [mailto:soumya_ssp@yahoo.co.in]
Sent: Friday, January 08, 2010 6:18 AM
To: users@wicket.apache.org
Subject: Wicket session not threadsafe?
Hi all,
I am fairly a newbie in wicket and would appreciate your help!
I
have a wicket application which are used on Live by more than 500
users. Now the problem which has arisen is - say User A logs on - he is
able to view details of User B. It has happened for different users and
I am trying to dig the real reason.
Here is my code details -
1) I use Hibernate to fetch 'Account' objects from backend passing on the username/password.
2) I use
MyAppSession extends WebSession
{
private Account account;
public InboundSession(Request request)
{
super(request);
}
public void setAccount(Account account)
{
this.account = account;
}
public Account getAccount()
{
return account;
}
public boolean isUserLoggedIn()
{
return account !=null;
}
}
So
effectively I check if the Account object in session is null or not and
accordingly decide whether a user is logged in or not.
2) In Login class I pass on the username/password to HibernateAccountDao and fetch the Account object.
Account account = accountDao.getAccount(username, password)
MyAppSession session = (MyAppSession )getSession();
session.setAccount(account);
setResponsePage(Home.class);
So effectively I fetch the accout object using hibernate and store it in wicket session.
But I am not sure how these account objects are getting mixed up between users.
Please can someone lead me to the route cause of the issue?
Thanks in advance!
SSP
The INTERNET now has a personality. YOURS! See your Yahoo! Homepage. http://in.yahoo.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org