Posted to commits@wicket.apache.org by "Simon Erhardt (JIRA)" <ji...@apache.org> on 2017/08/02 15:15:00 UTC
[jira] [Created] (WICKET-6432) SignInPanel causes infinite redirect loop if session id is suppressed in URL
Simon Erhardt created WICKET-6432:
-------------------------------------
Summary: SignInPanel causes infinite redirect loop if session id is suppressed in URL
Key: WICKET-6432
URL: https://issues.apache.org/jira/browse/WICKET-6432
Project: Wicket
Issue Type: Bug
Components: wicket-auth-roles
Affects Versions: 7.8.0
Reporter: Simon Erhardt
Attachments: redirect-loop.zip
The attached, very simple quickstart causes an infinite redirection loop. It consists of an _AuthenticatedPage_, which is annotated by _@AuthorizeInstantiation_, and a _LoginPage_, using a SignInPanel, which is set up as the home page.
The trouble begins if one opens the HTTP URL after signing in with HTTPS.
It happens only if Jetty is forced to suppress the session id as URL parameter (see [Jetty 9.2.X documentation|http://www.eclipse.org/jetty/documentation/9.2.22.v20170531/session-management.html#setting-session-characteristics]):
{code}
WebAppContext bb = new WebAppContext();
// The following line causes the trouble
bb.setInitParameter("org.eclipse.jetty.servlet.SessionIdPathParameterName", "none");
{code}
Steps to reproduce:
# Start the application in test/java/quickstart/Start
# Open https://localhost:8443
# Sign in using "user" and "password"
# After being redirected to the AuthenticatedPage, open http://localhost:8080
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)