https://issues.apache.org/bugzilla/show_bug.cgi?id=53469
--- Comment #14 from Mark Thomas <ma...@apache.org> --- Folks, please re-read comment #11. The output of encodeURL() is not and never will be normalized. However, the Javadoc for encodeURL() allows/requires Tomcat to check if the session needs to be encoded in the provided URL. One of the checks Tomcat uses is whether or not the URL provided to encodeURL() is part of the web application. To do this correctly Tomcat has to construct a absolute, normalized URL to check whether the resulting URL is within the web application. This requires converting relative URLs to absolute and the only basis Tomcat has for doing this is the current request URL. Wicket is doing "unusual" things in pre-generating content for a different URL than the current one. This is causing problems for relative URLs. I have yet to find any evidence that any other framework does this. At the moment this looks like a Wicket specific issue. As previously stated, I will be changing Tomcat so that if the "is the URL part of the webapp" test fails (e.g. because normalization fails) the result will be that the session ID is not added to the URL. That may or may not be sufficient to fix this for Wicket. Some feedback on this would be appreciated. In terms of further fixing, I am leaning towards this being a Wicket specific issue (and hence a Wicket problem to fix) but I am open to contrary arguments. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
