[WICKET-6432] SignInPanel causes infinite redirect loop if session id is suppressed in URL - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Not A Problem
Affects Version/s: 7.8.0
Fix Version/s: None
Component/s: wicket-auth-roles
Labels:
None

Description

The attached, very simple quickstart causes an infinite redirection loop. It consists of a AuthenticatedPage, which is annotated by @AuthorizeInstantiation, and a LoginPage, using a SingInPanel, which is set up as home page.
The trouble begins if one opens the HTTP URL after signing in with HTTPS.
It happens only if Jetty is forced to suppress the session id as URL parameter (see Jetty 9.2.X documentation):

    WebAppContext bb = new WebAppContext();

    // The following line causes the trouble
    bb.setInitParameter("org.eclipse.jetty.servlet.SessionIdPathParameterName", "none");

Steps to reproduce:

Start the application in test/java/quickstart/Start
Open https://localhost:8443
Sign in using "user" and "password"
After redirected to the AuthenticatedPage, open http://localhost:8080

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

redirect-loop.zip
02/Aug/17 15:13
26 kB
Simon Erhardt

Activity

People

Assignee:: Martin Tzvetanov Grigorov

Reporter:: Simon Erhardt

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 02/Aug/17 15:13

Updated:: 07/Aug/19 08:13

Resolved:: 07/Aug/19 08:13