Tomcat, and presumably other JEE app containers, now allow the
specification of the name of the JSESSIONID parameter to use in the URL
(even though cookies are largely used in place of this the initial hit
on a web site will include the jsessionid parameter by default)
This is done by setting a <Context> attribute called 'sessionCookieName'
e.g.
<Context sessionCookieName="JSESSIONID-Integration" ... >
This can be specified in mixed case and Tomcat will preserve the case.
Wicket allows a matching value to be specified via a Java -D command
line option:
e.g.
-Dwicket.jsessionid.name=JSESSIONID-Integration
However Wicket's Strings.stripJSessionId() method assumes that the
JSESSIONID parameter name is always in lowercase which causes failures
if it is not:
public static String stripJSessionId(final String url)
{
if (Strings.isEmpty(url))
{
return url;
}
// http://.../abc;jsessionid=...?param=...
int ixSemiColon =
url.toLowerCase(Locale.ROOT).indexOf(SESSION_ID_PARAM); <-- seemingly
unnecessary, unwanted toLowerCase() call
if (ixSemiColon == -1)
{
return url;
}
...
}
Is there any need for the toLowerCase() method call in there? No app
container should be performing a "to lower case" on the parameter name
and URLs in general can have case sensitive parameter names in query
parameters etc., so the toLowerCase seems redundant and it causes issues
as detailed above.
Regards,
Chris
