Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Not A Problem
-
7.8.0
-
None
-
None
Description
The attached, very simple quickstart causes an infinite redirection loop. It consists of a AuthenticatedPage, which is annotated by @AuthorizeInstantiation, and a LoginPage, using a SingInPanel, which is set up as home page.
The trouble begins if one opens the HTTP URL after signing in with HTTPS.
It happens only if Jetty is forced to suppress the session id as URL parameter (see Jetty 9.2.X documentation):
WebAppContext bb = new WebAppContext(); // The following line causes the trouble bb.setInitParameter("org.eclipse.jetty.servlet.SessionIdPathParameterName", "none");
Steps to reproduce:
- Start the application in test/java/quickstart/Start
- Open https://localhost:8443
- Sign in using "user" and "password"
- After redirected to the AuthenticatedPage, open http://localhost:8080