- Bug
- Resolution: Done
- Major
- 1.2.0.Beta8
- None
I guess there are 2 problems here:
1. When isRequestedSessionIdFromCookie() is invoked inside encodeURL(), it always returns true while there are no session cookies in the request.
After the application invokes HttpServletRequest#getSession(), SessionCookieConfig#setSessionId() creates a cookie and sets it on the HttpServerExchange instance, but it sets it on both the response and the request of the HttpServerExchange instance, using setResponseCookie() and getRequestCookies().put(). I guess that getRequestCookies().put() should NOT be invoked, because isRequestedSessionIdFromCookie() uses getRequestCookies() to check where a cookie comes from.
2. SessionCookieConfigImpl#rewriteUrl() doesn't care about fallback.
It simply returns the original URL. It should check whether JSESSIONID is available in a cookie and, if it is not available, append JSESSIONID to the URL and return it, when "fallback" is available.
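
A simplified, self-contained Java model of the two problems described above, added here as an illustration; it is not Undertow's code. The `Exchange` class, the method bodies and the session id value are assumptions made for the example.

```java
import java.util.HashMap;
import java.util.Map;
// Simplified model of the behaviour described in the report; not Undertow's code.
public class SessionFallbackModel {
    // Stand-in for HttpServerExchange: cookies the client sent vs. cookies we will send.
    static class Exchange {
        final Map<String, String> requestCookies = new HashMap<>();
        final Map<String, String> responseCookies = new HashMap<>();
    }

    static final String COOKIE = "JSESSIONID";

    // Problem 1: the new id is written to the response AND into the request cookie map.
    static void setSessionIdAsReported(Exchange ex, String id) {
        ex.responseCookies.put(COOKIE, id);
        ex.requestCookies.put(COOKIE, id); // makes the id look client-supplied
    }

    // Suggested behaviour: only the response carries the new cookie.
    static void setSessionIdResponseOnly(Exchange ex, String id) {
        ex.responseCookies.put(COOKIE, id);
    }

    // The check only consults request cookies, as the report describes.
    static boolean isRequestedSessionIdFromCookie(Exchange ex) {
        return ex.requestCookies.containsKey(COOKIE);
    }

    // Problem 2 suggestion: append the id when no cookie came from the client.
    static String rewriteUrl(Exchange ex, String url, String id, boolean fallback) {
        if (!fallback || isRequestedSessionIdFromCookie(ex)) {
            return url;
        }
        int q = url.indexOf('?'); // the path parameter goes before any query string
        String path = q < 0 ? url : url.substring(0, q);
        String query = q < 0 ? "" : url.substring(q);
        return path + ";jsessionid=" + id + query;
    }

    public static void main(String[] args) {
        String id = "constructed-session-id"; // constructed sample value
        Exchange reported = new Exchange();   // first request, client sent no cookies
        setSessionIdAsReported(reported, id);
        System.out.println(rewriteUrl(reported, "/cart?item=1", id, true));
        Exchange fixed = new Exchange();
        setSessionIdResponseOnly(fixed, id);
        System.out.println(rewriteUrl(fixed, "/cart?item=1", id, true));
    }
}
```

With the reported behaviour the first URL comes back unchanged, because the freshly created cookie is found among the request cookies; with the response-only variant the id is appended to the path.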