-
Notifications
You must be signed in to change notification settings - Fork 183
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[8.0.x] The PaxWebSessionHandler generates incorrect session value when whiteboard.context.name contains a dot #1958
Comments
Good find @PeterSuna - this code is not the best one I've ever wrote and it's related to awkward "session per OSGi context" implementation for a runtime that doesn't support this. Thanks for providing a reproducer, I'll check this soon! |
grgrzybek
changed the title
The PaxWebSessionHandler generates incorrect session value when whiteboard.context.name contains a dot
[8.0.x] The PaxWebSessionHandler generates incorrect session value when whiteboard.context.name contains a dot
Aug 13, 2024
grgrzybek
added a commit
that referenced
this issue
Aug 13, 2024
Thanks again @PeterSuna for reporting. I've fixed the issue, but I'll wait with the release for Undertow 2.2.34.Final. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When using whiteboard.context.name with the dot '.' character in an application, a new session cookie value is created with every request. The issue arises from the incorrect appending of the value after the dot with each request, leading to a long session value.
According to the provided whiteboard.context.name definitions, using a dot character in context.name should be allowed:
However, when the context.name is set to value "apidoc.id", the ".id" value is appended with every request, resulting in the session value:
"node01jmi7pmi7j6b8f3dwvof7xlpw3.id.id.id.id.id.id.id.id.id.id.id.id.id.id.id.id.node0"
This behavior occurs due to the following line of code in the PaxWebSessionHandler class, which takes the index of the first dot character after the tilde character:
org.ops4j.pax.web/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/PaxWebSessionHandler.java
Line 51 in a836e48
For example, given:
eid = node01jmi7pmi7j6b8f3dwvof7xlpw3~apidoc##apidoc.id.node0
The getExtendedId method returns:
node01jmi7pmi7j6b8f3dwvof7xlpw3 + .id.node0
Instead of:
node01jmi7pmi7j6b8f3dwvof7xlpw3 + .node0
The text was updated successfully, but these errors were encountered: