In HttpsRequestCycleProcessor, line 214 (Wicket 1.4.10):
Session.get().bind();
With the comment that the session needs to be persisted before
redirecting to https. But this is called before checking if a redirect
is necessary or not (line 217, request could already be https). Result:
no temporary sessions.
In our scenario this causes severe trouble:
we have a Tomcat cluster consisting of 3 different nodes, every request
to a page is loadbalanced between these 3 nodes (loading of resource
files for that page, i.e. images/css/js). The Tomcats are configured to
use jsessionid for session management. As requests to resources
referenced from within css files (images) do not contain jsessionid, a
new session is created upon every single call to an image resource. With
the Session.get().bind() as mentioned above (we use https for
everything), this results in several new (not temporary) sessions for
every single page ...
My proposal would be to call Session.get().bind() in line 200, where you
are sure that a redirect is needed.
Or am I getting something wrong here?
Cheers,
-Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
