When my Wicket-application is called from two browsers on the same computer, it can happen that the cookies in both browsers have the same session id, and then the application easily gets into an unstable state. For example, I see model objects in debugger with all properties set to null, and because these objects are under control of hibernate in auto-flush-mode in my application, I fear that these corrupted objects might be automatically written to the database in unlucky conditions.
Is there a best practice to prevent the application from continueing in such an unstable state? I looked for something like telling Wicket that if a request comes in and the server-side context for its session id is inconsistent with the request, that then Wicket should just throw an exception and should not try to handle the request. What is best practice to prevent the application from continueing in an unstable state in these situations?