Wicket
  1. Wicket
  2. WICKET-3841

Redirecting to the home page after binding the session leads to Wicket creating an invalid URL

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 1.5-RC5.1
    • Fix Version/s: 1.5-RC6
    • Component/s: wicket
    • Labels:
      None
    • Environment:
      Mac Safari 5.0.5

      Description

      This issue is demonstrated in the attached quickstart.

      Consider a stateless page that contains a form. When the user loads this page, a servlet session does not yet exist.

      Now, in the onSubmit() of the form, call Session.get().bind(). This forces a servlet session to be created. The response to the form submission will thus contain a session cookie, and if a redirect is performed the URL will be rewritten to include a jsessionid.

      A problem occurs when a redirect to the home page is performed in this scenario. Wicket responds with a Location header that looks like this:

      Location: http://localhost:8080;jsessionid=cck8jr4b1vdtd5h7a17qv9bn

      If I'm not mistaken this is an invalid URL. There should be a forward-slash between 8080 and ;jsessionid.

      Safari on the Mac reports the following error:

      "Safari can't open the page "http://localhost:8080;jsessionid=cck8jr4b1vdtd5h7a17qv9bn/" because Safari can't connect to the server "localhost".

      If you then press the reload button in Safari, the error changes to:

      "Safari can't open the page "http://localhost:8080;jsessionid=cck8jr4b1vdtd5h7a17qv9bn/" because the page's address isn't valid."

      Other browsers, like Firefox 5.0, seem to automatically correct Wicket's mistake and do not report an error.

        Activity

        Hide
        Martin Grigorov added a comment -

        jsessionid is set by the web container with HttpServletResponse#encodeURL().
        Which web container do you use ?

        Show
        Martin Grigorov added a comment - jsessionid is set by the web container with HttpServletResponse#encodeURL(). Which web container do you use ?
        Hide
        Igor Vaynberg added a comment -

        did we tack on the / to the end though? if it was us, the code responsible needs to be more careful about jsessionid in the url

        Show
        Igor Vaynberg added a comment - did we tack on the / to the end though? if it was us, the code responsible needs to be more careful about jsessionid in the url
        Hide
        Martin Grigorov added a comment -

        The quickstart works OK here on Chrome 14.x, FF5, Opera 11.50. I have no Mac/Safari.

        At org.apache.wicket.protocol.http.servlet.ServletWebResponse.sendRedirect(String) Wicket produces "http://localhost:8080" then it passes it to HttpServletResponse.encodeURL() which returns "http://localhost:8080;jsessionid=t1qm9o128635l3olsv7fix4l".
        This is Jetty 7.3.0 from the quickstart.

        Show
        Martin Grigorov added a comment - The quickstart works OK here on Chrome 14.x, FF5, Opera 11.50. I have no Mac/Safari. At org.apache.wicket.protocol.http.servlet.ServletWebResponse.sendRedirect(String) Wicket produces "http://localhost:8080" then it passes it to HttpServletResponse.encodeURL() which returns "http://localhost:8080;jsessionid=t1qm9o128635l3olsv7fix4l". This is Jetty 7.3.0 from the quickstart.
        Hide
        Martin Grigorov added a comment -

        Tomcat 7.0.12 does the same.

        Show
        Martin Grigorov added a comment - Tomcat 7.0.12 does the same.
        Hide
        Matt Brictson added a comment -

        To answer Martin's question: I was using the jetty:run with the quickstart, which is version 7.3.0.v20110203. The problem also occurs with jetty:run version 6.1.26.

        This defect also affects Mobile Safari. Using Safari on an iPhone 4 with iOS 4.2.8: "Safari cannot open the page because the server cannot be found." The same error also appears on iPad with iOS 4.3.3.

        Show
        Matt Brictson added a comment - To answer Martin's question: I was using the jetty:run with the quickstart, which is version 7.3.0.v20110203. The problem also occurs with jetty:run version 6.1.26. This defect also affects Mobile Safari. Using Safari on an iPhone 4 with iOS 4.2.8: "Safari cannot open the page because the server cannot be found." The same error also appears on iPad with iOS 4.3.3.
        Hide
        Peter Ertl added a comment -

        (Got an mac with OS X and could reproduce the problem)

        the ;jsessionid is appended by

        HttpServletResponse#encodeRedirectURL(url).

        I guess the problem is that in an url like

        http://localhost;jsessionid=1drwhjjzkfl9w1e8i5fwpwx6ax

        the ;jsessionid is placed right after the hostname without an explicit path. So webkit seems to take the ;jsessionid part for the path of the page

        try

        http://localhost;x

        and get the same error as mentioned by Matt.

        However once we have an query string

        http://localhost?foo=bar;jsessionid=1drwhjjzkfl9w1e8i5fwpwx6ax

        webkit does not complain.

        Show
        Peter Ertl added a comment - (Got an mac with OS X and could reproduce the problem) the ;jsessionid is appended by HttpServletResponse#encodeRedirectURL(url). I guess the problem is that in an url like http://localhost;jsessionid=1drwhjjzkfl9w1e8i5fwpwx6ax the ;jsessionid is placed right after the hostname without an explicit path. So webkit seems to take the ;jsessionid part for the path of the page try http://localhost;x and get the same error as mentioned by Matt. However once we have an query string http://localhost?foo=bar;jsessionid=1drwhjjzkfl9w1e8i5fwpwx6ax webkit does not complain.
        Hide
        Martin Grigorov added a comment -

        > http://localhost?foo=bar;jsessionid=1drwhjjzkfl9w1e8i5fwpwx6ax
        is not valid in this case.
        ; can be used as replacement of & as a separator for the key/values

        to be proper it should look like: http://localhost/;jsessionid=1drwhjjzkfl9w1e8i5fwpwx6ax?foo=bar

        It seems to be a problem in the web containers (Tomcat and Jetty are tested). The browsers try to fix it: http://localhost:8080/;jsessionid=1drwhjjzkfl9w1e8i5fwpwx6ax
        i.e. move ;jsessionid=.. after '/'

        Show
        Martin Grigorov added a comment - > http://localhost?foo=bar;jsessionid=1drwhjjzkfl9w1e8i5fwpwx6ax is not valid in this case. ; can be used as replacement of & as a separator for the key/values to be proper it should look like: http://localhost/;jsessionid=1drwhjjzkfl9w1e8i5fwpwx6ax?foo=bar It seems to be a problem in the web containers (Tomcat and Jetty are tested). The browsers try to fix it: http://localhost:8080/;jsessionid=1drwhjjzkfl9w1e8i5fwpwx6ax i.e. move ;jsessionid=.. after '/'
        Hide
        Peter Ertl added a comment -

        @Martin: You are right, actually the url looks like

        http://localhost/;jsessionid=a95s72vg5h4fiyqauh8sj1al?bla=123

        did not verify it before

        So Webkit only fails to fix the url in the case we redirect to '.' without query string

        Show
        Peter Ertl added a comment - @Martin: You are right, actually the url looks like http://localhost/;jsessionid=a95s72vg5h4fiyqauh8sj1al?bla=123 did not verify it before So Webkit only fails to fix the url in the case we redirect to '.' without query string
        Hide
        Peter Ertl added a comment -

        patch comittted ... please confirm it's working or broken ...

        Show
        Peter Ertl added a comment - patch comittted ... please confirm it's working or broken ...
        Hide
        Peter Ertl added a comment -

        these browsers work for me on OS X 10.6.8:

        • Safari 5.0.5
        • Chrome 12.0.742.112
        • Firefox 4.0.1
        • Firefox 5.0
        Show
        Peter Ertl added a comment - these browsers work for me on OS X 10.6.8: Safari 5.0.5 Chrome 12.0.742.112 Firefox 4.0.1 Firefox 5.0
        Hide
        Peter Ertl added a comment -

        test seem to be ok so far, closing the ticket

        Show
        Peter Ertl added a comment - test seem to be ok so far, closing the ticket
        Hide
        Martin Grigorov added a comment -

        Tomcat 7 will be improved for 7.0.18. See http://marc.info/?t=130934589600002&r=1&w=2 for the discussion.
        Jetty 7 bug report at: https://bugs.eclipse.org/bugs/show_bug.cgi?id=351199

        Show
        Martin Grigorov added a comment - Tomcat 7 will be improved for 7.0.18. See http://marc.info/?t=130934589600002&r=1&w=2 for the discussion. Jetty 7 bug report at: https://bugs.eclipse.org/bugs/show_bug.cgi?id=351199

          People

          • Assignee:
            Peter Ertl
            Reporter:
            Matt Brictson
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development