You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When using whiteboard.context.name with the dot '.' character in an application, a new session cookie value is created with every request. The issue arises from the incorrect appending of the value after the dot with each request, leading to a long session value.
According to the provided whiteboard.context.name definitions, using a dot character in context.name should be allowed:
However, when the context.name is set to value "apidoc.id", the ".id" value is appended with every request, resulting in the session value:
"node01jmi7pmi7j6b8f3dwvof7xlpw3.id.id.id.id.id.id.id.id.id.id.id.id.id.id.id.id.node0"
This behavior occurs due to the following line of code in the PaxWebSessionHandler class, which takes the index of the first dot character after the tilde character:
Good find @PeterSuna - this code is not the best one I've ever wrote and it's related to awkward "session per OSGi context" implementation for a runtime that doesn't support this.
Thanks for providing a reproducer, I'll check this soon!
When using whiteboard.context.name with the dot '.' character in an application, a new session cookie value is created with every request. The issue arises from the incorrect appending of the value after the dot with each request, leading to a long session value.
According to the provided whiteboard.context.name definitions, using a dot character in context.name should be allowed:
However, when the context.name is set to value "apidoc.id", the ".id" value is appended with every request, resulting in the session value:
"node01jmi7pmi7j6b8f3dwvof7xlpw3.id.id.id.id.id.id.id.id.id.id.id.id.id.id.id.id.node0"
This behavior occurs due to the following line of code in the PaxWebSessionHandler class, which takes the index of the first dot character after the tilde character:
org.ops4j.pax.web/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/PaxWebSessionHandler.java
Line 51 in a836e48
For example, given:
eid = node01jmi7pmi7j6b8f3dwvof7xlpw3~apidoc##apidoc.id.node0
The getExtendedId method returns:
node01jmi7pmi7j6b8f3dwvof7xlpw3 + .id.node0
Instead of:
node01jmi7pmi7j6b8f3dwvof7xlpw3 + .node0
The text was updated successfully, but these errors were encountered: