Thank you for the great hint! It seems like a lot of people have a problem JSESSIONID cookie being lost by Tomcat when switching from HTTPS to HTTP. We are switching in the opposite direction, but I assume the could be problematic as well.
At this point we are willing to force HTTPS for the entire webapp in order to avoid this problem. What's the recommended way to force all requests to go over HTTPS in production and go over HTTP in development? Should we use <transport-guarantee>CONFIDENTIAL</transport-guarantee> in web.xml and also override protected IRequestCycleProcessor newRequestCycleProcessor() as explained here: https://cwiki.apache.org/WICKET/how-to-switch-to-ssl-mode.html Thanks, Alec On Sat, Apr 30, 2011 at 7:10 PM, Igor Vaynberg <igor.vaynb...@gmail.com> wrote: > this is because cookies created in http are not transferred to https > and viceversa afair. i think this can be changed by turning off secure > cookies in tomcat or something like that. > > -igor > > > On Sat, Apr 30, 2011 at 6:06 PM, Alec Swan <alecs...@gmail.com> wrote: >> Even if the next request is made from inside an IFrame? If so, is this >> problem definitely a problem with the load balancer setup? >> >> Our hosting company ran HTTP trace and said this: >> >>> Customer connects to the cluster via HTTP, in this case they are routed to >>> web2. >>>This packet passes through the load balancer, where a cookie is added by the >>>LB. It adds a cookie to every packet that comes back from the server, so >>> that the next connection goes to the same server. >>> >>> In the next request from the client to the server, we see both cookies in >>> place. >>> >>> This continues on normally for a while with all packet headers containing >>> the Cookies above. >>> >>> web1 suddenly gets a request for https, that does not contain any cookies, >>> this has to be a new connection, there are no LB or JSESSION >>> Cookies in these packets. >>> >>> Then, the next request goes back to web2 at this point we know we're going >>> to get an error, after the above happens. >> >> What happens is that the user is browsing the web site and then clicks >> a link which pops up a modal window with @RequireHttps annotation on >> it. This is when the modal window shows an error saying that page >> cannot be found in the page map. >> >> We continue working with the hosting company, but we would appreciate >> any thoughts on this. >> >> Thanks, >> >> Alec >> >> On Sat, Apr 30, 2011 at 6:16 PM, Igor Vaynberg <igor.vaynb...@gmail.com> >> wrote: >>> one does not need to copy cookies because browsers retain them across >>> requests. >>> >>> -igor >>> >>> >>> On Sat, Apr 30, 2011 at 5:01 PM, Alec Swan <alecs...@gmail.com> wrote: >>>> Hello, >>>> >>>> I tried copying all cookies from the HTTP request to HTTP response and >>>> it seemed to have a positive effect (unless our hosting company fixed >>>> something on their load balancer). However, I would expect Wicket to >>>> copy cookies from request to response by default, is this true? >>>> >>>> Here is the code I added trying to fix the problem with the load >>>> balancer cookie being lost: >>>> >>>> // copy all cookies from parent page to modal window in order to >>>> support sticky sessions on load balancer >>>> Cookie[] cookies = ((WebRequest) >>>> getRequestCycle().getRequest()).getCookies(); >>>> for (Cookie cookie : cookies) { >>>> ((WebResponse) >>>> getRequestCycle().getResponse()).addCookie(cookie); >>>> } >>>> >>>> Thanks, >>>> >>>> Alec >>>> >>>> On Fri, Apr 29, 2011 at 4:17 PM, Alec Swan <alecs...@gmail.com> wrote: >>>>> Hello, >>>>> >>>>> We just put our webapp behind a load balancer with sticky sessions. >>>>> After that we started noticing that load balancer cookie gets lost >>>>> when a modal window is popped up by a link click. Here is the code we >>>>> use to display the modal window: >>>>> >>>>> new AjaxLink("editLink") >>>>> { >>>>> @Override >>>>> public void onClick(AjaxRequestTarget target) { >>>>> modalWindow.setPageCreator(new >>>>> ModalWindow.PageCreator() { >>>>> @Override >>>>> public Page createPage() { >>>>> .... >>>>> } >>>>> } >>>>> }); >>>>> >>>>> How can we make sure that cookies get preserved when we pop up a modal >>>>> window? >>>>> >>>>> Thanks, >>>>> >>>>> Alec >>>>> >>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>>> For additional commands, e-mail: users-h...@wicket.apache.org >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >>> For additional commands, e-mail: users-h...@wicket.apache.org >>> >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org > For additional commands, e-mail: users-h...@wicket.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org For additional commands, e-mail: users-h...@wicket.apache.org
