Posted to users@wicket.apache.org by Ian Marshall <Ia...@GMail.com> on 2012/02/12 21:12:39 UTC

Link URLs with JSessionID truncated

Hello All,

A user's first visit to my app's home page results in the URL

  http://[My domain]/main/PageHome;jsessionid=v_qqIGVQlKBbkNSOcHkAQw?0

Each org.apache.wicket.markup.html.link.Link on my home page has the URL of
the form

  http://[My domain]/main/..;jsessionid=v_qqIGVQlKBbkNSOcHkAQw?0-1.ILinkListener-lnkAbout

(of length 102 characters for the particular link URL copied here). These
URLs are invalid, because of the two dots present instead of the completed
path.

Is there any way I can configure Wicket to suppress this URL abbreviation,
or is this operation the province of the web application server or web
browser?

As a work-around, I have already coded the suppression of JSessionIDs in my
links' URLs, and am coding the app to give a warning if session cookies are
disabled. But I would appreciate any pointers.

Ian Marshall


My operating environment
-------------------------
Web application server: (Jetty? in) Google App Engine
Wicket version:         1.5.3 (I know: it's not the very latest version!)
Web browsers:           Mozilla Firefox 10.0.1
                        Microsoft Internet Explorer 8.0.6001.18702
                        as found on my HTC Wildfire S running Google Android 2.3.5

--
View this message in context: http://apache-wicket.1842946.n4.nabble.com/Link-URLs-with-JSessionID-truncated-tp4381881p4381881.html
Sent from the Users forum mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org


Re: Link URLs (with JSessionID) truncated during URL rewriting

Posted by Bartosz Jakubowski <bu...@wp.pl>.
I use Jetty 6.1.26 and this patch works fine for me. Thanks.

On 23.02.2012 16:23, Ian Marshall wrote:
> I run my Wicket app on Google App Engine for Java, which I believe uses Jetty
> (or modified Jetty?) not Tomcat as its web application server.
>
> The JIRA ticket states
>
>    "The bug does only show up when using tomcat (6.0.29) and not in jetty",
>
> so I'll dip out of testing this particular ticket if that's OK.
>
>
> Martin Grigorov-4 wrote
>> https://issues.apache.org/jira/browse/WICKET-4401
>> There is a patch attached to this ticket. Try it and send feedback.


Re: Link URLs (with JSessionID) truncated during URL rewriting

Posted by Ian Marshall <Ia...@GMail.com>.
I run my Wicket app on Google App Engine for Java, which I believe uses Jetty
(or modified Jetty?) not Tomcat as its web application server.

The JIRA ticket states

  "The bug does only show up when using tomcat (6.0.29) and not in jetty",

so I'll dip out of testing this particular ticket if that's OK.


Martin Grigorov-4 wrote
> https://issues.apache.org/jira/browse/WICKET-4401
> There is a patch attached to this ticket. Try it and send feedback.



Re: Link URLs (with JSessionID) truncated during URL rewriting

Posted by Martin Grigorov <mg...@apache.org>.
On Thu, Feb 23, 2012 at 4:09 PM, Bartosz Jakubowski <bu...@wp.pl> wrote:
> I've had the same issue. It happens when you have mounted home page to "/"
> and another page Foo to "/foo". Then the URL with jsessionid looks like
> this: /foo/..;jsessionid and the mapper of page Foo takes it as if it is a
> URL to this page with parameter "..". And this mapper always goes before
> home page mapper, because it has score 1 for matching first segment.
>
> I fixed it by overloading newWebRequest in Application class:
>
>     protected WebRequest newWebRequest(HttpServletRequest servletRequest,
>             String filterPath) {
>         WebRequest webRequest = super.newWebRequest(servletRequest, filterPath);
>         return new ServletWebRequest(servletRequest, filterPath,
>                 webRequest.getUrl().canonical());
>     }

https://issues.apache.org/jira/browse/WICKET-4401
There is a patch attached to this ticket. Try it and send feedback.



-- 
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com



Re: Link URLs (with JSessionID) truncated during URL rewriting

Posted by Bartosz Jakubowski <bu...@wp.pl>.
I've had the same issue. It happens when you have mounted home page to 
"/" and another page Foo to "/foo". Then the URL with jsessionid looks 
like this: /foo/..;jsessionid and the mapper of page Foo takes it as if 
it is a URL to this page with parameter "..". And this mapper always 
goes before home page mapper, because it has score 1 for matching first 
segment.

I fixed it by overloading newWebRequest in Application class:

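      @Override
      protected WebRequest newWebRequest(HttpServletRequest servletRequest,
              String filterPath) {
          WebRequest webRequest = super.newWebRequest(servletRequest, filterPath);
          // Rebuild the request with the canonical URL so that ".." segments
          // are resolved before the request mappers see the path.
          return new ServletWebRequest(servletRequest, filterPath,
                  webRequest.getUrl().canonical());
      }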
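
The mapper behaviour described in the post above, modelled as an added example (not part of any message in this thread and not Wicket's own code). The route() method is a hypothetical first-segment matcher and the session id is a constructed value; the point is that the path has to be canonicalised before mount matching, so that the page chosen by the router is the one the URL actually refers to.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.List;

/** Added illustration; a simplified model, not Wicket code. */
public class DotSegmentDemo {

    /** Splits a path into segments, dropping ";name=value" path parameters such as ;jsessionid. */
    static List<String> segments(String path) {
        List<String> out = new ArrayList<>();
        for (String raw : path.split("/")) {
            int semi = raw.indexOf(';');
            String seg = semi >= 0 ? raw.substring(0, semi) : raw;
            if (!seg.isEmpty()) out.add(seg);
        }
        return out;
    }

    /** Resolves "." and ".." segments (dot-segment removal as in RFC 3986, section 5.2.4). */
    static List<String> canonical(List<String> segs) {
        Deque<String> stack = new ArrayDeque<>();
        for (String s : segs) {
            if (s.equals(".")) continue;
            if (s.equals("..")) {
                if (!stack.isEmpty()) stack.removeLast(); // never climb above the root
                continue;
            }
            stack.addLast(s);
        }
        return new ArrayList<>(stack);
    }

    /** Hypothetical router: the page mounted on "/foo" wins whenever the first segment is "foo". */
    static String route(List<String> segs) {
        if (!segs.isEmpty() && segs.get(0).equals("foo")) {
            return "Foo" + (segs.size() > 1 ? " with parameter \"" + segs.get(1) + "\"" : "");
        }
        return segs.isEmpty() ? "Home" : "Not found";
    }

    public static void main(String[] args) {
        String path = "/foo/..;jsessionid=CONSTRUCTED123"; // constructed sample URL path
        List<String> raw = segments(path);
        System.out.println("raw:       " + raw + " -> " + route(raw));
        List<String> canon = canonical(raw);
        System.out.println("canonical: " + canon + " -> " + route(canon));
    }
}
```
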

Re: Link URLs (with JSessionID) truncated during URL rewriting

Posted by Ian Marshall <Ia...@GMail.com>.
I fixed the problem by going around it.

All my web pages are descended from my PageBase class, which in turn
descends from Wicket's WebPage.

  ·  I disable my automatic removal of JSessionID by overriding

       public String ServletWebResponse.encodeURL(CharSequence url)

     in my WebApplication.

  ·  In my PageBase constructor, I determine whether (session) cookies are
     being stored or not.

  ·  If not, then I raise an

       org.apache.wicket.RestartResponseException(final Class<C> pageClass)

     to show my PageCookiesDisabled. This interrupts a "Not found" error from
     an invalid URL containing ".." characters, which I encountered previously.



Link URLs (with JSessionID) truncated during URL rewriting

Posted by Ian Marshall <Ia...@GMail.com>.
Hello All,

Has anyone else apart from me suffered from this problem of URLs being
truncated to become invalid?

I would appreciate it if anyone else shared my pain!

Ian Marshall


Ian Marshall wrote
> 
> Hello All,
> 
> A user's first visit to my app's home page results in the URL
> 
>   http://[My domain]/main/PageHome;jsessionid=v_qqIGVQlKBbkNSOcHkAQw?0
> 
> Each org.apache.wicket.markup.html.link.Link on my home page has the URL
> of the form
> 
>   http://[My domain]/main/..;jsessionid=v_qqIGVQlKBbkNSOcHkAQw?0-1.ILinkListener-lnkAbout
> 
> (of length 102 characters for the particular link URL copied here). These
> URLs are invalid, because of the two dots present instead of the completed
> path.
> 
> Is there any way I can configure Wicket to suppress this URL abbreviation,
> or is this operation the province of the web application server or web
> browser?
> 
> As a work-around, I have already coded the suppression of JSessionIDs in my
> links' URLs, and am coding the app to give a warning if session cookies
> are disabled. But I would appreciate any pointers.
> 
> Ian Marshall
> 
> 
> My operating environment
> -------------------------
> Web application server: (Jetty? in) Google App Engine
> Wicket version:         1.5.3 (I know: it's not the very latest version!)
> Web browsers:           Mozilla Firefox 10.0.1
>                         Microsoft Internet Explorer 8.0.6001.18702
>                         as found on my HTC Wildfire S running Google Android 2.3.5
> 



RE: Link URLs with JSessionID truncated

Posted by Ian Marshall <Ia...@GMail.com>.
Chris Colman-2 wrote
> 
> I was going to suggest that the relative URL problem might be caused by:
> 
> https://issues.apache.org/jira/browse/WICKET-4138
> 
> but that was fixed in 1.5.3.
> 
> Maybe it's related to https://issues.apache.org/jira/browse/WICKET-4138, fixed in 1.5.4.
Both links are identical. What was the issue solved in 1.5.4? (I had already
scanned the 1.5.4 change log and could not see a bug which might have
already fixed my problem.)



Chris Colman-2 wrote
> 
> In any case I would build the latest 1.5.x snapshot and see if your
> problem goes away. 1.5.3 is a few months old now which, with the rapid
> pace of Wicket development, is quite old ;)
> 
I shall migrate to 1.5.4 soon and see if my problem will be fixed, but I do
not hope.

I wonder if anyone else has encountered this issue.



RE: Link URLs with JSessionID truncated

Posted by Chris Colman <ch...@stepaheadsoftware.com>.
I was going to suggest that the relative URL problem might be caused by:

https://issues.apache.org/jira/browse/WICKET-4138

but that was fixed in 1.5.3.

Maybe it's related to https://issues.apache.org/jira/browse/WICKET-4138, fixed in 1.5.4.

In any case I would build the latest 1.5.x snapshot and see if your
problem goes away. 1.5.3 is a few months old now which, with the rapid
pace of Wicket development, is quite old ;)

>-----Original Message-----
>From: Ian Marshall [mailto:IanMarshall.UK@GMail.com]
>Sent: Monday, 13 February 2012 8:34 PM
>To: users@wicket.apache.org
>Subject: RE: Link URLs with JSessionID truncated
>
>Wicket version: 1.5.3.


RE: Link URLs with JSessionID truncated

Posted by Ian Marshall <Ia...@GMail.com>.
Wicket version: 1.5.3.



RE: Link URLs with JSessionID truncated

Posted by Chris Colman <ch...@stepaheadsoftware.com>.
"Not found" errors are bad.

What version of Wicket are you using?

>-----Original Message-----
>From: Ian Marshall [mailto:IanMarshall.UK@GMail.com]
>Sent: Monday, 13 February 2012 8:41 AM
>To: users@wicket.apache.org
>Subject: RE: Link URLs with JSessionID truncated
>
>Hi Chris,
>
>I suppressed JSessionIDs in my links' URLs, not because I dislike them, but
>solely because I found that my links' URLs were not working because the ".."
>strings were appearing.
>
>So, unless I can find a better way, I need to suppress the JSessionIDs and
>require session cookie enablement. It's pants, but better than "Not found"
>errors being presented to users following my links.
>
>Cheers,
>
>Ian


RE: Link URLs with JSessionID truncated

Posted by Ian Marshall <Ia...@GMail.com>.
Hi Chris,

I suppressed JSessionIDs in my links' URLs, not because I dislike them, but
solely because I found that my links' URLs were not working because the ".."
strings were appearing.

So, unless I can find a better way, I need to suppress the JSessionIDs and
require session cookie enablement. It's pants, but better than "Not found"
errors being presented to users following my links.

Cheers,

Ian



RE: Link URLs with JSessionID truncated

Posted by Chris Colman <ch...@stepaheadsoftware.com>.
If a user has disabled session cookies your Wicket app will still work
fine using URL rewriting.

If you stop the URL rewriting and give a message to people who have
disabled cookies you will prevent a certain % of visitors from using
your web app.

I'm not sure what that % of people is but in the past some people have
believed the mantra that 'enabling cookies' is a security hole/privacy
issue. I've never believed that mantra but there is quite possibly a %
of the population that do and so disabled cookies.


>-----Original Message-----
>From: Ian Marshall [mailto:IanMarshall.UK@GMail.com]
>Sent: Monday, 13 February 2012 7:13 AM
>To: users@wicket.apache.org
>Subject: Link URLs with JSessionID truncated
>
>Hello All,
>
>A user's first visit to my app's home page results in the URL
>
>  http://[My domain]/main/PageHome;jsessionid=v_qqIGVQlKBbkNSOcHkAQw?0
>
>Each org.apache.wicket.markup.html.link.Link on my home page has the URL of
>the form
>
>  http://[My domain]/main/..;jsessionid=v_qqIGVQlKBbkNSOcHkAQw?0-1.ILinkListener-lnkAbout
>
>(of length 102 characters for the particular link URL copied here). These
>URLs are invalid, because of the two dots present instead of the completed
>path.
>
>Is there any way I can configure Wicket to suppress this URL abbreviation,
>or is this operation the province of the web application server or web
>browser?
>
>As a work-around, I have already coded the suppression of JSessionIDs in my
>links' URLs, and am coding the app to give a warning if session cookies are
>disabled. But I would appreciate any pointers.
>
>Ian Marshall
>
>
>My operating environment
>-------------------------
>Web application server: (Jetty? in) Google App Engine
>Wicket version:         1.5.3 (I know: it's not the very latest version!)
>Web browsers:           Mozilla Firefox 10.0.1
>                        Microsoft Internet Explorer 8.0.6001.18702
>                        as found on my HTC Wildfire S running Google Android 2.3.5