Posted to commits@wicket.apache.org by "Andrea Del Bene (JIRA)" <ji...@apache.org> on 2019/08/07 08:14:00 UTC
[jira] [Closed] (WICKET-6432) SignInPanel causes infinite redirect loop if session id is suppressed in URL
[ https://issues.apache.org/jira/browse/WICKET-6432?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andrea Del Bene closed WICKET-6432.
-----------------------------------
Resolution: Not A Problem
> SignInPanel causes infinite redirect loop if session id is suppressed in URL
> ----------------------------------------------------------------------------
>
> Key: WICKET-6432
> URL: https://issues.apache.org/jira/browse/WICKET-6432
> Project: Wicket
> Issue Type: Bug
> Components: wicket-auth-roles
> Affects Versions: 7.8.0
> Reporter: Simon Erhardt
> Assignee: Martin Grigorov
> Priority: Major
> Attachments: redirect-loop.zip
>
>
> The attached, very simple quickstart causes an infinite redirection loop. It consists of an _AuthenticatedPage_, which is annotated by _@AuthorizeInstantiation_, and a _LoginPage_, using a SignInPanel, which is set up as home page.
> The trouble begins if one opens the HTTP URL after signing in with HTTPS.
> It happens only if Jetty is forced to suppress the session id as URL parameter (see [Jetty 9.2.X documentation|http://www.eclipse.org/jetty/documentation/9.2.22.v20170531/session-management.html#setting-session-characteristics]):
> {code}
> WebAppContext bb = new WebAppContext();
> // The following line causes the trouble
> bb.setInitParameter("org.eclipse.jetty.servlet.SessionIdPathParameterName", "none");
> {code}
> Steps to reproduce:
> # Start the application in test/java/quickstart/Start
> # Open https://localhost:8443
> # Sign in using "user" and "password"
> # After being redirected to the AuthenticatedPage, open http://localhost:8080