[jira] Commented: (WICKET-824) Session id encoding problem in cookie-less mode

Wed, 26 Sep 2007 15:17:13 -0700 

    [ 
https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12530572
 ] 

John Ray commented on WICKET-824:
---------------------------------

I've been bit by this bug and tracked down the problems. There are actually 2 
bugs here. 

The first is that the wicket session can not be temporary you must call 
Session.bind() which then calls HttpServletReqest.getSession(true). If you 
don't do this then Tomcat will not add a session ID to the URL since there is 
no session. I'll also post a message to the dev mailing list as I think there 
are issues with always doing a Session.bind() .

The second issue is with the new relative URLs in version 1.3. Tomcat will only 
add a session ID if there is a path in the URL. So any deep URLs are handled 
fine but for a root URL like this

   ?wicket:interface=:0:form:clients:1:edit::ILinkListener::

Tomcat just leaves it as is. But if you pass in 

    ./?wicket:interface=:0:form:clients:1:edit::ILinkListener::

Then Tomcat encodes it properly to

    
./;jsessionid=82C9FE8D98F69D95FF698719BC0D0AAD?wicket:interface=:0:form:clients:1:edit::ILinkListener::

I'll attach a patch which fixes this. The patch also fixes another bug which 
shows up in ServletWebRequest.getRelativePathPrefixToWicketHandler() where it 
calculates the depth to any URL starting with "./" as being 1 level too deep.



> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
>                 Key: WICKET-824
>                 URL: https://issues.apache.org/jira/browse/WICKET-824
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.3.0-beta2
>         Environment: Tomcat 5.5.23, OS X
>            Reporter: Roland Foerther
>            Assignee: Alastair Maw
>            Priority: Critical
>             Fix For: 1.3.0-beta4
>
>         Attachments: Fix.diff
>
>
> If I disable session cookies, the URL-encoding does not work. The problem 
> appears in displaying 'page expired' when I click through 'wicket-exmples' . 
> I discovered that HttpServletResponse.encodeUrl() called by 
> WebRequestCodingStrategy.encode() does not encode the session id, if it is 
> called with a relative URL like 
> `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with 
> '?'.   

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to