
RE: DWR 2.0 rc1 and WebSphere 6.1= Session Error: msg#00161

java.dwr.user

Subject: RE: DWR 2.0 rc1 and WebSphere 6.1= Session Error

Mike,

As you suggested, I have upgraded my version of DWR to 2.0RC2, but I am running into an error that did not occur in 2.0M4b. I have listed the details of the issue here:
http://www.nabble.com/postHook-behavior-change-in-2.0-RC2--tf3241170.html

Please suggest a fix.

thanks,
Vinay

Mike Wilson <mikewse-PkbjNfxxIARBDgjK7y7TUQ@xxxxxxxxxxxxxxxx> wrote:
Vinay,

The security fix for Weblogic (and hopefully for Websphere too) has
now been added by Joe and made available in 2.0RC2. It would be
great if you could try with this version and tell us how it works
out!

Best regards
Mike

> -----Original Message-----
> From: Mike Wilson [mailto:mikewse-PkbjNfxxIARBDgjK7y7TUQ@xxxxxxxxxxxxxxxx]
> Sent: den 28 december 2006 12:27
> To: users@xxxxxxxxxxxxxxxx
> Subject: RE: [dwr-user] DWR 2.0 rc1 and WebSphere 6.1= Session Error
>
> Vinay,
>
> > I am using DWR 2.0-rc1 with IBM WebSphere 6.1 and I get
> > "Session Error" alert
> > message when I try to use the debug page to make any DWR
> > calls. Is it a known
> > issue or a configuration problem?
> >
> > The same configuration works fine with Tomcat 5.5.
>
> If you search for "session error" on the mailing list:
> http://www.nabble.com/forum/Search.jtp?forum=13934&local=y&query=%22session+error%22
> you will find posts with similar problems for Weblogic.
>
> The "Session error" means that the call didn't pass DWR's
> security test for cross-site request-forgery (CSRF). On
> some appservers (Weblogic) this is triggered even for legal
> calls due to strange handling of the standard JSESSIONID
> cookie.
>
> You can work around it by setting the servlet parameter
> crossDomainSessionSecurity
> to false. See http://getahead.ltd.uk/dwr/server/servlet
>
> I submitted a bugfix that solves the problem for Weblogic a
> few weeks ago
> http://www.nabble.com/forwardToString-does-not-work-with-Weblogic-8.1-tf2467394.html#a7726070
> and I think my "alternative 2" solution has a high
> probability to also solve the problem for Websphere. When it
> becomes available in CVS or RC2 please let us know how it
> works out for you.
>
> Followup to Joe:
> - maybe it would be a good idea to change the
> "Session error" message into something that gives a hint
> on what is going on?
> - would it be possible to have my patch put into CVS now that
> RC1 is out?
>
> Best regards
> Mike
>

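Added example, not part of the thread and not DWR source code: a sketch of the kind of session-echo CSRF check described in the quoted message, showing how a legal call can be rejected when the JSESSIONID cookie value differs from the server-side session id, and a comparison that tolerates this while the check stays enabled. All class, method and sample values are hypothetical, and the cookie format is an assumption, not taken from the thread or from any fix in 2.0RC2.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;

/** Session-echo CSRF check sketch. Hypothetical names; not DWR source code. */
public class SessionCheckDemo {

    /** Constant-time string comparison; null never matches. */
    static boolean same(String a, String b) {
        if (a == null || b == null) return false;
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    /** Strict form: the id echoed in the request body must equal the server-side session id. */
    static boolean strictCheck(String echoedId, String serverSessionId) {
        return same(echoedId, serverSessionId);
    }

    /** Tolerant form: the echoed id must equal the session cookie exactly as the browser sent it. */
    static boolean cookieCheck(String echoedId, Map<String, String> cookies) {
        return same(echoedId, cookies.get("JSESSIONID"));
    }

    public static void main(String[] args) {
        // Constructed values. Assumption: the container wraps the id with extra data in the cookie.
        String serverSessionId = "AbC123xyz";
        String cookieValue = "0000AbC123xyz:node1";
        Map<String, String> cookies = Map.of("JSESSIONID", cookieValue);

        // Same-site call: the page's own script can read the cookie and echoes it in the body.
        String sameSiteEcho = cookieValue;
        // Cross-site call: the browser attaches the cookie, but the foreign page cannot read it,
        // so the body carries no matching value.
        String crossSiteEcho = null;

        System.out.println("strict check, same-site call:  " + strictCheck(sameSiteEcho, serverSessionId));
        System.out.println("cookie check, same-site call:  " + cookieCheck(sameSiteEcho, cookies));
        System.out.println("strict check, cross-site call: " + strictCheck(crossSiteEcho, serverSessionId));
        System.out.println("cookie check, cross-site call: " + cookieCheck(crossSiteEcho, cookies));
    }
}
```

The strict check rejects the legal same-site call (the false "Session Error" case), while the cookie comparison accepts it and still rejects the cross-site call. Either form depends on page script being able to read the session cookie, so it does not work if that cookie is marked HttpOnly.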

