Thanks! Sven
Am 9. Dezember 2020 16:24:53 MEZ schrieb Martin Grigorov <mgrigo...@apache.org>: >https://issues.apache.org/jira/browse/WICKET-6858 > >On Tue, Dec 8, 2020 at 11:19 AM Sven Meier <s...@meiers.net> wrote: > >> Hi Chris, >> >> that #toLowerCase() has been introduced with WICKET-4816. >> >> The commit does not mention anything about the requirement for a >lower >> case comparison, and the test does not enforce it either: >> >> >> >https://github.com/apache/wicket/commit/66bfc8851c0250c02ff6ee0af0f42407a7873ca5#diff-2eff23be497b622b61b1181a1a97d8dcd70143cde2f14d644df573b3ecf7b5f5 >> >> So this has probably been just an unnecessary precaution. >> >> Please open an issue. >> >> Thanks >> Sven >> >> >> On 08.12.20 08:48, Chris Colman wrote: >> > Tomcat, and presumably other JEE app containers, now allow the >> > specification of the name of the JSESSIONID parameter to use in the >> > URL (even though cookies are largely used in place of this the >initial >> > hit on a web site will include the jsessionid parameter by default) >> > >> > This is done by setting a <Context> attribute called >'sessionCookieName' >> > >> > e.g. >> > >> > <Context sessionCookieName="JSESSIONID-Integration" ... > >> > >> > This can be specified in mixed case and Tomcat will preserve the >case. >> > >> > Wicket allows a matching value to be specified via a Java -D >command >> > line option: >> > >> > e.g. >> > >> > -Dwicket.jsessionid.name=JSESSIONID-Integration >> > >> > However Wicket's Strings.stripJSessionId() method assumes that the >> > JSESSIONID parameter name is always in lowercase which causes >failures >> > if it is not: >> > >> > >> > public static String stripJSessionId(final String url) >> > { >> > if (Strings.isEmpty(url)) >> > { >> > return url; >> > } >> > >> > // http://.../abc;jsessionid=...?param=... >> > int ixSemiColon = >> > url.toLowerCase(Locale.ROOT).indexOf(SESSION_ID_PARAM); <-- >> > seemingly unnecessary, unwanted toLowerCase() call >> > if (ixSemiColon == -1) >> > { >> > return url; >> > } >> > >> > ... >> > >> > } >> > >> > >> > Is there any need for the toLowerCase() method call in there? No >app >> > container should be performing a "to lower case" on the parameter >name >> > and URLs in general can have case sensitive parameter names in >query >> > parameters etc., so the toLowerCase seems redundant and it causes >> > issues as detailed above. >> > >> > >> > Regards, >> > >> > Chris >> > >> > >> > >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org >> For additional commands, e-mail: users-h...@wicket.apache.org >> >>