Hi Chris,
that #toLowerCase() has been introduced with WICKET-4816.
The commit does not mention anything about the requirement for a lower
case comparison, and the test does not enforce it either:
https://github.com/apache/wicket/commit/66bfc8851c0250c02ff6ee0af0f42407a7873ca5#diff-2eff23be497b622b61b1181a1a97d8dcd70143cde2f14d644df573b3ecf7b5f5
So this has probably been just an unnecessary precaution.
Please open an issue.
Thanks
Sven
On 08.12.20 08:48, Chris Colman wrote:
Tomcat, and presumably other JEE app containers, now allow the
specification of the name of the JSESSIONID parameter to use in the
URL (even though cookies are largely used in place of this the initial
hit on a web site will include the jsessionid parameter by default)
This is done by setting a <Context> attribute called 'sessionCookieName'
e.g.
<Context sessionCookieName="JSESSIONID-Integration" ... >
This can be specified in mixed case and Tomcat will preserve the case.
Wicket allows a matching value to be specified via a Java -D command
line option:
e.g.
-Dwicket.jsessionid.name=JSESSIONID-Integration
However Wicket's Strings.stripJSessionId() method assumes that the
JSESSIONID parameter name is always in lowercase which causes failures
if it is not:
public static String stripJSessionId(final String url)
{
if (Strings.isEmpty(url))
{
return url;
}
// http://.../abc;jsessionid=...?param=...
int ixSemiColon =
url.toLowerCase(Locale.ROOT).indexOf(SESSION_ID_PARAM); <--
seemingly unnecessary, unwanted toLowerCase() call
if (ixSemiColon == -1)
{
return url;
}
...
}
Is there any need for the toLowerCase() method call in there? No app
container should be performing a "to lower case" on the parameter name
and URLs in general can have case sensitive parameter names in query
parameters etc., so the toLowerCase seems redundant and it causes
issues as detailed above.
Regards,
Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org