On Mon, Apr 9, 2018 at 2:45 PM, gcsaba2 <gcsa...@gmail.com> wrote: > This is true, when I go to http://localhost:7777/ it will immediately > (302) > redirect me to http://localhost:777/home.html (my home page is mounted > here). > > AFTER that, the home page will 302 redirect me to > http://localhost:777/home.html;jsessionid=xxx > > All the links on the home page will, after this, contain the ;jsessionid > part, so clicking anywhere will pass on this token in the URL, and it will > never go away. > > If I manually remove the token by typing in the URL > http://localhost:777/home.html then it will 302 redirect me to the > http://localhost:777/home.html;jsessionid=xyz URL, but the session ID will > be different. This means my previous session has been lost and a new one > has > been created. > > Looking at the HTTP headers, I can see this: > > Set-Cookie: JSESSIONID=xyz; HttpOnly > > So the website definitely tries to set the session id. But when I click on > any of the links, in the request headers I will not see the browser sending > the JSESSIONID cookie back to the server. It looks like the browser forgot > about it. > > There is no time duration in the header, which is correct since this is a > session cookie. > > Btw. isn't it a problem that the cookie name is (upper case) JSESSIONID, > while the URL has a (lower case) jsessionid? >
No. The cases are correct. > > I'm using an AuthenticatedWebApplication, which has a getWebSessionClass() > class. I could be wrong, but I think the session class instance should be > created only once per session. Here, I see it is being created on every > request. > > Also, if I write request.getCookie(JSESSIONID) it will always return null. > It seems the browser doesn't send the JSESSIONID cookie. Does it send any other cookie or all are lost ? You can create a test one in the Dev Tools Console with document.cookie="name=value" > > I did some more tests, and looks like this mostly happens on Firefox. On IE > and Chrome, after a few clicks, the jsessionid disappears from the URL. So > what's wrong with Firefox? I'm using the latest version with default > settings, why wouldn't it remember the session cookie? > Start a new instance of Firefox in private mode and try again. It could be that you have some plugin that forbids cookies. > > > > -- > Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum- > f1842947.html > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > >