Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-5202

Page redirects can fail when using url encoding



    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.8.0
    • Fix Version/s: 6.9.0, 1.5.11, 7.0.0-M1
    • Component/s: wicket
    • Labels:
    • Environment:
      Linux, Tomcat 7.0.39, JDK 1.7.0


      When url encoding is used instead of cookies for session management, some redirections do not work in Wicket 6.8.0. The problem appears to be in UrlRenderer.renderRelativeUrl, which returns the (invalid) relative URL:


      when passed the URL:


      and when the UrlRenderer's base URL is:


      This is because the removeCommonPrefixes method tries to compare segments between the encoded target URL and a URL parsed from

      (URLRenderer line 319):
      Url commonPrefix = Url.parse(request.getContextPath() + request.getFilterPath());

      This second URL does not contain the ;jsessionid=... suffix and the removeCommonPrefixes method doesn't remove prefixes properly. The problem doesn't occur when using cookies for session management, of course.

      This issue is new between Wicket version 6.2.0 and 6.8.0. When deployed into a servlet container using url-encoding for session management, the following app works under Wicket 6.2.0 but fails (because of redirecting to an invalid URL) under Wicket 6.8.0:

      // ------------------------
      // App.java
      import org.apache.wicket.protocol.http.WebApplication;
      import org.apache.wicket.Page;

      public class App extends WebApplication {
      public Class<? extends Page> getHomePage()

      { return A.class; }


      // ------------------------
      // A.java
      import org.apache.wicket.markup.html.WebPage;
      import org.apache.wicket.markup.html.link.Link;

      public class A extends WebPage {
      public A() {
      add(new Link<Object>("link") {
      public void onClick()

      { setResponsePage(B.class); }


      // ------------------------
      // B.java
      import org.apache.wicket.markup.html.WebPage;
      import org.apache.wicket.markup.html.link.Link;

      public class B extends WebPage {
      public B() {
      add(new Link<Object>("link") {
      public void onClick()

      { setResponsePage(A.class); }


      // ------------------------

      Clicking the link on the home page A will successfully navigate to page B. Clicking the link on page B should navigate to page A. Under Wicket 6.2.0, or Wicket 6.8.0 with cookies, it works. With Wicket 6.8.0 and url-encoding, it tries to redirect to an incorrect URL like


      which fails (note the double slash and repeated context/filter in the URL).

      It is possible to configure Tomcat to use url encoding instead of cookies for session management by editing the conf/context.xml file within the Tomcat installation and making the root element of that file read:

      <Context cookies="false">


        1. jira5202.tgz
          6 kB
          James Gifford

          Issue Links



              • Assignee:
                mgrigorov Martin Tzvetanov Grigorov
                jamesgifford James Gifford
              • Votes:
                0 Vote for this issue
                2 Start watching this issue


                • Created: