Hi,
Op 25-3-2012 18:59, schreef Martin Grigorov:
On Sun, Mar 25, 2012 at 7:19 PM, Bas Gooren<b...@iswd.nl> wrote:
https://issues.apache.org/jira/browse/WICKET-4468
Thanks!
We will consider it.
Ok: here's whats happening:
- A request comes in for /login
- WebPageRenderer:264-266 stores the buffered response in the session and
redirects to /login?0
- WebPageRenderer:214 redirects to /login, since that is what the target
page is mounted at
So because no buffered response is found, the /login?0 url is processed by
the WebPageRenderer. It checks if the current url is "correct" for the
current page. If not, it redirects to the correct url.
This can be a major problem when apps have bookmarkable stateful pages which
are opened by clients which do not support sessions.
I encountered this bug as follows:
- I have my app in the root context of my tomcat server in eclipse WTP (web
tools)
- when I start tomcat through eclipse, WTP checks if the server is running
by requesting the "/" url
- Eclipse WTP performs the request with a sessionless client; We also force
wicket to never include jessionid in the url
- since this app requires authentication, "/" redirects to "/login"
- /login was (unexpectedly) stateful, due to a hidden "logout" link
- Eclipse WTP ended up in an infinite redirect loop, until it decided after
30 seconds that tomcat was unable to start and kills the tomcat process
What are the values of currentUrl and targetUrl at the top of the
method body at the second request (the redirect) ?
I expect current to be login?0 because this is what is requested.
I also expect the target url to be login?0 because the page is
stateful (thus ?pageId) and is freshly constructed (thus pageId is
again 0).
Is this correct ?
In which if/else clause it goes after that ?
After the redirect the currentUrl is "login?0" and the targetUrl is "login".
So when a request comes in for "login" we fall through to the if/else at
line 264 since the targetUrl2 is "login?0"; So only after rendering the
page does wicket know it's stateful (makes sense).
When the request for "login?0" comes in, targetUrl is "login", since
wicket does not yet know the page is stateful and no buffered response
is found. Thus, the if/else at line 214 is triggered, which redirects to
"login" (targetUrl).
So basically this is a chicken/egg problem: wicket won't know if the
page is stateful until after it is rendered. Due to some shortcuts at
the top of WebPageRenderer#respond() which ignore statefull/stateless
differences we get an infinite redirect loop.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org
