Open PeterSuna opened 3 weeks ago
Good find @PeterSuna - this code is not the best one I've ever written and it's related to the awkward "session per OSGi context" implementation for a runtime that doesn't support this.
Thanks for providing a reproducer, I'll check this soon!
When using whiteboard.context.name with the dot '.' character in an application, a new session cookie value is created with every request. The issue arises from the incorrect appending of the value after the dot with each request, leading to a long session value.
According to the provided whiteboard.context.name definitions, using a dot character in context.name should be allowed:
However, when the context.name is set to the value "apidoc.id", the ".id" value is appended with every request, resulting in the session value: "node01jmi7pmi7j6b8f3dwvof7xlpw3.id.id.id.id.id.id.id.id.id.id.id.id.id.id.id.id.node0"
This behavior occurs due to the following line of code in the PaxWebSessionHandler class, which takes the index of the first dot character after the tilde character: https://github.com/ops4j/org.ops4j.pax.web/blob/a836e4847b6a339d1d1bc826080bb484cb3b9aa0/pax-web-jetty/src/main/java/org/ops4j/pax/web/service/jetty/internal/PaxWebSessionHandler.java#L51
For example, given:
eid = node01jmi7pmi7j6b8f3dwvof7xlpw3~apidoc##apidoc.id.node0
The getExtendedId method returns:
node01jmi7pmi7j6b8f3dwvof7xlpw3 + .id.node0
Instead of:
node01jmi7pmi7j6b8f3dwvof7xlpw3 + .node0
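
The parsing described in this issue, modelled as an added Java example (not the project's code and not written by the issue author). The class name, the method names and the cookie round trip in `replay` are assumptions made for illustration; the eid value is the one quoted in the issue.

```java
// Added illustration: a simplified model of the parsing described in the issue.
// This is NOT the PaxWebSessionHandler source; all names here are hypothetical.
public class ExtendedIdDemo {

    // Behaviour described in the issue: the suffix starts at the FIRST '.' after '~'.
    static String firstDotAfterTilde(String eid) {
        int tilde = eid.indexOf('~');
        if (tilde < 0) return eid;
        int dot = eid.indexOf('.', tilde);
        String id = eid.substring(0, tilde);
        return dot < 0 ? id : id + eid.substring(dot);
    }

    // Alternative: only the text after the LAST '.' is the node suffix.
    // Assumption: the node name ("node0") never contains a dot itself.
    static String lastDot(String eid) {
        int tilde = eid.indexOf('~');
        if (tilde < 0) return eid;
        int dot = eid.lastIndexOf('.');
        String id = eid.substring(0, tilde);
        return dot < tilde ? id : id + eid.substring(dot);
    }

    // Assumed round trip: the cookie value comes back on the next request, the
    // node suffix is stripped, and "~<context key>.<node>" is appended again.
    static String replay(String cookie, String contextKey, int requests, boolean firstDot) {
        for (int i = 0; i < requests; i++) {
            int cut = cookie.lastIndexOf('.');
            String id = cookie.substring(0, cut);
            String node = cookie.substring(cut + 1);
            String eid = id + "~" + contextKey + "." + node;
            cookie = firstDot ? firstDotAfterTilde(eid) : lastDot(eid);
        }
        return cookie;
    }

    public static void main(String[] args) {
        String eid = "node01jmi7pmi7j6b8f3dwvof7xlpw3~apidoc##apidoc.id.node0"; // from the issue
        System.out.println("first dot: " + firstDotAfterTilde(eid));
        System.out.println("last dot:  " + lastDot(eid));

        String cookie = "node01jmi7pmi7j6b8f3dwvof7xlpw3.node0";
        String key = "apidoc##apidoc.id"; // context key as it appears in the eid above
        System.out.println("3 requests, first dot: " + replay(cookie, key, 3, true));
        System.out.println("3 requests, last dot:  " + replay(cookie, key, 3, false));
    }
}
```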