On Mon, Apr 9, 2018 at 2:45 PM, gcsaba2 <gcsa...@gmail.com> wrote:

> This is true, when I go to http://localhost:7777/ it will immediately
> (302)
> redirect me to http://localhost:777/home.html (my home page is mounted
> here).
> AFTER that, the home page will 302 redirect me to
> http://localhost:777/home.html;jsessionid=xxx
> All the links on the home page will, after this, contain the ;jsessionid
> part, so clicking anywhere will pass on this token in the URL, and it will
> never go away.
> If I manually remove the token by typing in the URL
> http://localhost:777/home.html then it will 302 redirect me to the
> http://localhost:777/home.html;jsessionid=xyz URL, but the session ID will
> be different. This means my previous session has been lost and a new one
> has
> been created.
> Looking at the HTTP headers, I can see this:
> Set-Cookie: JSESSIONID=xyz; HttpOnly
> So the website definitely tries to set the session id. But when I click on
> any of the links, in the request headers I will not see the browser sending
> the JSESSIONID cookie back to the server. It looks like the browser forgot
> about it.
> There is no time duration in the header, which is correct since this is a
> session cookie.
> Btw. isn't it a problem that the cookie name is (upper case) JSESSIONID,
> while the URL has a (lower case) jsessionid?

No. The cases are correct.

> I'm using an AuthenticatedWebApplication, which has a getWebSessionClass()
> class. I could be wrong, but I think the session class instance should be
> created only once per session. Here, I see it is being created on every
> request.
> Also, if I write request.getCookie(JSESSIONID) it will always return null.

It seems the browser doesn't send the JSESSIONID cookie. Does it send any
other cookie or all are lost ? You can create a test one in the Dev Tools
Console with document.cookie="name=value"

> I did some more tests, and looks like this mostly happens on Firefox. On IE
> and Chrome, after a few clicks, the jsessionid disappears from the URL. So
> what's wrong with Firefox? I'm using the latest version with default
> settings, why wouldn't it remember the session cookie?

Start a new instance of Firefox in private mode and try again.
It could be that you have some plugin that forbids cookies.

> --
> Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-
> f1842947.html
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
> For additional commands, e-mail: users-h...@wicket.apache.org

Reply via email to