[jira] [Commented] (WICKET-4609) Javascript header references without cookies with CryptoMapper not working

Sun, 17 Jun 2012 05:12:52 -0700 

    [ 
https://issues.apache.org/jira/browse/WICKET-4609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13393533#comment-13393533
 ] 

David Rain commented on WICKET-4609:
------------------------------------

I've tried the new 1.5.7 version and noticed following. When URLs are not 
crypted (when I removed CryptoMapper), javascript src attributes are now 
rendered WITH jsessionid parameter included.

But when I enable CryptoMapper again I noticed, that whole URL is taken (with 
jsessionid parametr already encoded in it) and then crypted. So web container 
cannot read the jsessionid parameter back and bind the request with 
corresponding session.

So the problem is that whole URL is crypted when CryptoMapper is set as root 
mapper. I don't know how to solve this, CryptoMapper will always be on top of 
other mappers (to make sense). Maybe twear CryptoMapper to add jsessionid once 
again after crypting URL?
                
> Javascript header references without cookies with CryptoMapper not working
> --------------------------------------------------------------------------
>
>                 Key: WICKET-4609
>                 URL: https://issues.apache.org/jira/browse/WICKET-4609
>             Project: Wicket
>          Issue Type: Bug
>          Components: wicket
>    Affects Versions: 1.5.5
>         Environment: Windows 7 64-bit
> IE 9, FF 12
> Jetty 6, WebSphere AS 7
>            Reporter: David Rain
>              Labels: cookies, cryptomapper, header-contribution, javascript, 
> reference, wicket
>
> Preconditions:
> - disabled cookies
> - CryptoMapper enabled (set as root mapper)
> When contributing Javascript (CSS contributions are affected too) to head, 
> URLs are rendered WITHOUT jsessionid. Thus CryptoMapper can't find its key in 
> session when cookies are disabled. This affects wicket-ajax.js contribution 
> in AbstractDefaultAjaxBehavior too! So Wicket is not working at all.
> I found out, that in HeaderResponse#internalRenderJavaScriptReference is line:
> String urlWoSessionId = Strings.stripJSessionId(url);
> which strips session id (that was previously encoded into by 
> HttpServletResponse) from URL explicitly. I wonder WHY? Does the jsessionid 
> parametr in URL break something else?
> internalRenderCSSReference method is affected too.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to