Hello,
I think this has nothing to do with the Wicket framework. It's more of a
problem with the application server and its configuration. We're using
Tomcat and in our web.xml we have the following:
<session-config>
<tracking-mode>COOKIE</tracking-mode><session-timeout>30</session-timeout>
</session-config>
to prevent the session Id at URLs. Correct me if I'm wrong.
Cheers,
Dirk
Am 13.02.2025 um 05:01 schrieb sundar saba:
Hi all,
I am using wicket and spring security in my application
whenever I hithttp://locahost:8080 jsessionid also append in my URL like
this
"http://localhost:8080login;jsessionid=node0qeht29rsyhxh5yrjvr0sxmxu6.node0";
because of that I am getting the following exception from spring security
org.springframework.security.web.firewall.RequestRejectedException: The
request was rejected because the URL contained a potentially malicious
String ";"
Can you please help me how to prevent appending jsessionid in the URL.
--
Dirk Forchel
Software Engineer
Telefon +49 (351) 4108-115
Fax +49 (351) 4108-5115
[email protected]
www.exedio.com
exedio Gesellschaft für Softwareentwicklung mbH
Buchenstraße 16 B
01097 Dresden
Deutschland
Handelsregister: HRB 22109, Amtsgericht Dresden
Sitz der Gesellschaft: Dresden
Geschäftsführer: Sven-Erik Bornscheuer, Lutz Kirchner, Falk Krause
