The PaxWebSessionHandler generates incorrect session value when whiteboard.context.name contains a dot #1958
Comments
|
Good find @PeterSuna - this code is not the best one I've ever wrote and it's related to awkward "session per OSGi context" implementation for a runtime that doesn't support this. Thanks for providing a reproducer, I'll check this soon! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When using whiteboard.context.name with the dot '.' character in an application, a new session cookie value is created with every request. The issue arises from the incorrect appending of the value after the dot with each request, leading to a long session value.
According to the provided whiteboard.context.name definitions, using a dot character in context.name should be allowed:
However, when the context.name is set to value "apidoc.id", the ".id" value is appended with every request, resulting in the session value:
"node01jmi7pmi7j6b8f3dwvof7xlpw3.id.id.id.id.id.id.id.id.id.id.id.id.id.id.id.id.node0"
This behavior occurs due to the following line of code in the PaxWebSessionHandler class, which takes the index of the first dot character after the tilde character:
org.ops4j.pax.web/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/PaxWebSessionHandler.java
Line 51 in a836e48
For example, given:
eid = node01jmi7pmi7j6b8f3dwvof7xlpw3~apidoc##apidoc.id.node0The getExtendedId method returns:
node01jmi7pmi7j6b8f3dwvof7xlpw3 + .id.node0Instead of:
node01jmi7pmi7j6b8f3dwvof7xlpw3 + .node0The text was updated successfully, but these errors were encountered: