You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Roland Foerther (JIRA)" <ji...@apache.org> on 2007/08/06 01:51:29 UTC
[jira] Created: (WICKET-824) Session id encoding problem in
cookie-less mode
Session id encoding problem in cookie-less mode
-----------------------------------------------
Key: WICKET-824
URL: https://issues.apache.org/jira/browse/WICKET-824
Project: Wicket
Issue Type: Bug
Components: wicket
Affects Versions: 1.3.0-beta2
Environment: Tomcat 5.5.23, OS X
Reporter: Roland Foerther
Priority: Critical
If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12524303 ]
Matej Knopp commented on WICKET-824:
------------------------------------
Now that's really weird. Just clicking through wicket examples and all works well without cookies. (But on jetty, not tomcat though)
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "John Ray (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12530572 ]
John Ray commented on WICKET-824:
---------------------------------
I've been bit by this bug and tracked down the problems. There are actually 2 bugs here.
The first is that the wicket session can not be temporary you must call Session.bind() which then calls HttpServletReqest.getSession(true). If you don't do this then Tomcat will not add a session ID to the URL since there is no session. I'll also post a message to the dev mailing list as I think there are issues with always doing a Session.bind() .
The second issue is with the new relative URLs in version 1.3. Tomcat will only add a session ID if there is a path in the URL. So any deep URLs are handled fine but for a root URL like this
?wicket:interface=:0:form:clients:1:edit::ILinkListener::
Tomcat just leaves it as is. But if you pass in
./?wicket:interface=:0:form:clients:1:edit::ILinkListener::
Then Tomcat encodes it properly to
./;jsessionid=82C9FE8D98F69D95FF698719BC0D0AAD?wicket:interface=:0:form:clients:1:edit::ILinkListener::
I'll attach a patch which fixes this. The patch also fixes another bug which shows up in ServletWebRequest.getRelativePathPrefixToWicketHandler() where it calculates the depth to any URL starting with "./" as being 1 level too deep.
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
> Attachments: Fix.diff
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12530589 ]
Matej Knopp commented on WICKET-824:
------------------------------------
I'm not sure about the part with session binding. We bind session on the first statefull URL we encounter. So all URLs with wicket:interface in them should be encoded (apart from the URLs starting with ?wicket:interface on tomcat it seems). However, if we render bookmarkable URLs before stateful URLs, we'll end with some URLs without sessionId.
Still, I don't really like binding session by default :-/
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
> Attachments: Fix.diff
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "John Ray (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12530591 ]
John Ray commented on WICKET-824:
---------------------------------
Oops. Sorry I gave a bad example. The page in my app has some bookmarkable URLs (at the top in a nav bar) as well as some stateful URLs in the page. The bookmarkable ones in the nav bar are missing the session ID.
I agree with you and don't like the idea of binding a session by default. But then it leads to the strange behavior where bookmarkable pages in the header of a page do not have session IDs but those in the footer do. Assuming there are some stateful URLs in the middle of course.
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
> Attachments: Fix.diff
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matej Knopp reassigned WICKET-824:
----------------------------------
Assignee: Matej Knopp (was: Alastair Maw)
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-beta4
>
> Attachments: Fix.diff
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12522853 ]
Matej Knopp commented on WICKET-824:
------------------------------------
Seems to work for me. Perhaps this is already fixed?
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "Jean-Baptiste Quenot (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Quenot updated WICKET-824:
----------------------------------------
Fix Version/s: 1.3.0-beta4
Looks reasonable to do for the next release
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Assigned: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "Igor Vaynberg (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Igor Vaynberg reassigned WICKET-824:
------------------------------------
Assignee: Alastair Maw
i just confirmed it, no jsession id is appended to the url - not even on the first request
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "Eelco Hillenius (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12524306 ]
Eelco Hillenius commented on WICKET-824:
----------------------------------------
Yeah, I've been testing without cookies like crazy, and never ran into this. But I haven't tested this particular method.
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "John Ray (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
John Ray updated WICKET-824:
----------------------------
Attachment: Fix.diff
A possible fix for this issue
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Assignee: Alastair Maw
> Priority: Critical
> Fix For: 1.3.0-beta4
>
> Attachments: Fix.diff
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (WICKET-824) Session id encoding problem in
cookie-less mode
Posted by "Matej Knopp (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/WICKET-824?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matej Knopp resolved WICKET-824.
--------------------------------
Resolution: Fixed
This should be fixed now. Now we temporarily prepend ./ before calling encodeURL and the session should be bound on beforeRender of first stateful component on page (thus before actual rendering)
> Session id encoding problem in cookie-less mode
> -----------------------------------------------
>
> Key: WICKET-824
> URL: https://issues.apache.org/jira/browse/WICKET-824
> Project: Wicket
> Issue Type: Bug
> Components: wicket
> Affects Versions: 1.3.0-beta2
> Environment: Tomcat 5.5.23, OS X
> Reporter: Roland Foerther
> Assignee: Matej Knopp
> Priority: Critical
> Fix For: 1.3.0-beta4
>
> Attachments: Fix.diff
>
>
> If I disable session cookies, the URL-encoding does not work. The problem appears in displaying 'page expired' when I click through 'wicket-exmples' .
> I discovered that HttpServletResponse.encodeUrl() called by WebRequestCodingStrategy.encode() does not encode the session id, if it is called with a relative URL like `?wicket:interface=:0:inputForm:IFormSubmitListener::'. i.e.. starting with '?'.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.