[
https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12530589
]
Matej Knopp commented on WICKET-824:
------------------------------------
I'm not sure about the part with session binding. We bind session on the first
statefull URL we encounter. So all URLs with wicket:interface in them should be
encoded (apart from the URLs starting with ?wicket:interface on tomcat it
seems). However, if we render bookmarkable URLs before stateful URLs, we'll end
with some URLs without sessionId.
Still, I don't really like binding session by default :-/
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
> Attachments: Fix.diff
>
>
> If I disable session cookies, the URL-encoding does not work. The problem
> appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by
> WebRequestCodingStrategy.encode() does not encode the session id, if it is
> called with a relative URL like
> `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with
> '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
