When creating a WebSocket connection, Wicket tries to check if session id is tracked by URL or by cookies.
The code is in the org.apache.wicket.protocol.ws.api.BaseWebSocketBehavior#getSessionId(Component component)
It uses a hardcoded sessionId cookie name (JSESSIONID). So when an application uses a different sessionId cookie name, this code wrongly assumes there is no cookie with session id and appends session Id in the websocket connection URL.
I think it should use to get session id cookie name