[
https://issues.apache.org/jira/browse/WICKET-4550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13275799#comment-13275799
]
Martin Grigorov commented on WICKET-4550:
-----------------------------------------
Using custom IResourceCachingStrategy is not an option because adding
';jsessionid=...' is later url encoded and the ';' is being lost.
Using custom request parameter is an option only if you have control on the
load balancers. Most of the time the developers have no such control.
I tried the brutal way: make a quickstart that enables the encoding of the
jsessionid in the url even for static resources by either extending classes or
copy/paste them but I faced several problems:
1) org.apache.wicket.request.cycle.RequestCycle#renderUrl(Url, IRequestHandler)
decides whether to pass the url to HttpServletResponse#encodeURL()
By providing my own RequestCycle impl that overrides public CharSequence
urlFor(IRequestHandler handler) I partially solved the problem, but
#urlFor(Class<C> pageClass, PageParameters parameters) and
#urlFor(ResourceReference reference, PageParameters params) are final and it is
not possible to override them.
2) HeaderResponse#internalRenderXyzResourceReference() also strips the
jsessionid from the url.
The only way I see here is to copy/paste HeaderResponse and setup it by using
IHeaderResponseDecorator (this works)
After all these hacks I think it will be much easier to introduce a new setting
in IResourceSettings with which the application will be able to enable encoding
of jsessionid even for the static resources. By default its value will be
'do-not-encode-for-static-resources'.
A patch will come soon.
> jsessionid is not added to resources if cookies are disabled by the server
> --------------------------------------------------------------------------
>
> Key: WICKET-4550
> URL: https://issues.apache.org/jira/browse/WICKET-4550
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.5.5
> Reporter: Michael Bruns
> Assignee: Martin Grigorov
> Attachments: jsessionid-quickstart.tar.gz
>
>
> When I configure the container (either Jetty or Tomcat) to not support
> cookies, I expect the jsessionid to be added to all resource links in the
> page. However, with Wicket 1.5.5 this isn't the case, i.e. all URLs are
> lacking the jsessionid, both in development and deployment mode.
> Example IS:
> <script type="text/javascript"
> src="wicket/resource/org.apache.wicket.markup.html.WicketEventReference/wicket-event-ver-1331911540000.js"></script>
> Example SHOULD:
> <script type="text/javascript"
> src="wicket/resource/org.apache.wicket.markup.html.WicketEventReference/wicket-event-ver-1331911540000.js;jsessionid=${something}"></script>
> This creates a new session for each and every resource in the page, which is
> an undesirable behavior. I have found a few issues regarding this topic, e.g.
> WICKET-4334 and WICKET-4312, but none of them could give me a clue about why
> it doesn't work the way I expect it. In Wicket 1.4.x the jsessionid was added
> to all resource links, so everything worked fine and the current session was
> reused.
> I created a quickstart do demonstrate the behavior - please see the attached
> file. The file jetty-web.xml tells Jetty to not support cookies, so mvn
> jetty:run can be run without any further configuration.
> By the way, I found a suggestion to use a custom IResourceCachingStrategy to
> append the jsessionid (or whatever) to URLs of resources in the archive of
> the mailinglist. Unfortunately, this doesn't work because the URL is encoded
> afterwards and the ; is turned into %3B.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
