hmm this is a good one.
Why has nobody else pointed this out before?
But one problem, it could be that the url was already encoded by the call
encodeURL
because it is possible that the url was already encoded.

Because it is called, for example, in WebRequestCycle.redirectTo(final Page page)
And that gets the url by calling urlFor()
that ends up at:
WebRequestCodingStrategy.encode(final RequestCycle requestCycle, final IRequestTarget requestTarget)

which does:

return requestCycle.getOriginalResponse().encodeURL(buffer);

and at that point we don't know whether it becomes a redirect url or a normal
link...

So the question is what is the end result? What does encodeRedirectURL do
and return?
even if encodeURL is already called before on that same url?

johan


On 12/13/06, James Carnegie <[EMAIL PROTECTED]> wrote:

Hi All,

When a browser does not support cookies (or has cookies turned off) we
all know that session state is maintained using URL rewriting. This is
achieved by calling the following Servlet API method:

javax.servlet.http.HttpServletResponse.encodeURL("http://blahblah");

According to the servlet API, if the URL being encoded is for
redirection, the following method should be called instead:

javax.servlet.http.HttpServletResponse.encodeRedirectURL("http://blahblah");

In the source code for wicket.protocol.http.WicketResponse, it can be
seen that wicket always uses the encodeURL method for redirects. The
result is that the 'Location' header set in redirects does not include
the jsessionid URL parameter and so session state is not maintained
(resulting in new sessions or session time-outs etc).

I have implemented a fix for wicket 1.2.1 (see attachment), which seems
to resolve the issue, but I'm unsure if this will cause any other
issues, so I would appreciate any suggestions or feedback.

Kind regards,

        /james

=======================================================================
James Carnegie
Senior Analyst Programmer/Development Team Leader

Tel:    (+44) (0) 1179081253
Fax:    (+44) (0) 1179081494
Email:  James Carnegie <[EMAIL PROTECTED]>

_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user
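
One way to route redirects through encodeRedirectURL while guarding against the double-encoding concern raised in the reply, as an added example (not Wicket code and not the fix attached to the original message). The class name `RedirectEncodingResponse` is hypothetical, and the guard assumes the session id is carried as the `;jsessionid=` path parameter.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpServletResponseWrapper;

/**
 * Added illustration (hypothetical class, not part of Wicket): a response
 * wrapper that sends redirects through encodeRedirectURL() and never
 * rewrites a URL that already carries a session id.
 * Assumption: the session id travels as the path parameter ";jsessionid=".
 */
public class RedirectEncodingResponse extends HttpServletResponseWrapper {

    private static final String SESSION_PARAM = ";jsessionid=";

    public RedirectEncodingResponse(HttpServletResponse response) {
        super(response);
    }

    /** True if the path part (before '?' or '#') already holds a session id. */
    static boolean hasSessionId(String url) {
        int end = url.length();
        int query = url.indexOf('?');
        int fragment = url.indexOf('#');
        if (query >= 0) end = Math.min(end, query);
        if (fragment >= 0) end = Math.min(end, fragment);
        return url.substring(0, end).contains(SESSION_PARAM);
    }

    @Override
    public String encodeRedirectURL(String url) {
        // Already rewritten upstream (for example by encodeURL): return it unchanged
        if (url == null || hasSessionId(url)) {
            return url;
        }
        return super.encodeRedirectURL(url);
    }

    @Override
    public void sendRedirect(String location) throws IOException {
        // Every redirect target goes through the redirect-specific encoder
        super.sendRedirect(encodeRedirectURL(location));
    }
}
```

The guard only prevents a second rewrite in this wrapper; what a given container's own encodeRedirectURL does with an already-encoded URL still has to be checked against that container.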



