Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 1.2.0.Beta10
Affects Version/s: 1.2.0.Beta8
Component/s: Servlet
Labels:
None

Steps to Reproduce:

Hide

Small web app for testing available at https://github.com/lbtc-xxx/jsessionid . how to use:

1. git clone
2. mvn clean package
3. deploy
4. access http://localhost:8080/jsessionid-1.0-SNAPSHOT/test . firebug would be useful

Show
Small web app for testing available at https://github.com/lbtc-xxx/jsessionid . how to use: 1. git clone 2. mvn clean package 3. deploy 4. access http://localhost:8080/jsessionid-1.0-SNAPSHOT/test . firebug would be useful
Forum Reference:
https://developer.jboss.org/thread/251459
Git Pull Request:
https://github.com/undertow-io/undertow/pull/287, https://github.com/wildfly/wildfly/pull/7197

I guess 2 problems here:

1. When isRequestedSessionIdFromCookie() is invoked inside encodeURL(), it returns always true while no session cookies in a request.

After application invokes HttpServletRequest#getSession(), SessionCookieConfig#setSessionId() creates a cookie and set it to HttpServerExchange instance. but it sets both of response and request of HttpServerExchange instance using setResponseCookie() and getRequestCookies().put(). I guess that getRequestCookies().put() is should NOT be invoked because isRequestedSessionIdFromCookie() uses getRequestCookies() to check where a cookie come from.

2. SessionCookieConfigImpl#rewriteUrl() doesn't care fallback.

It simply returns the original URL. it should do that check whether JSESSIONID is available in cookie then if not available append JSESSIONID to URL and return, when if "fallback" is available.

Assignee:: Stuart Douglas

Reporter:: Kohei Nozaki (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2015/02/25 5:11 AM

Updated:: 2015/03/08 6:39 PM

Resolved:: 2015/03/08 6:39 PM

Details

Description

Attachments

Activity

People

Dates

Hide