Another session problem

Hans Hübner hans.huebner at gmail.com
Thu Mar 20 08:43:13 UTC 2014 

Hi Nicolas,

what you're seeing is Hunchentoot rewriting the contents of forms so that a
session ID parameter is automagically added to forms for clients that do
not have cookies enabled.  The documentation mentions that this is done
unless *rewrite-for-session-urls* is NIL.  I am not sure whether the
functionality is working all that well, as I have not been using it in the
past.  If you do not need to support sessions without cookies, I'd
recommend that you disable the functionality.  If you do need it, it would
be helpful if you could debug some more to pinpoint where the behavior is
actually wrong.

Thanks,
Hans


2014-03-20 9:22 GMT+01:00 Nicolas Neuss <neuss at scipolis.de>:

> Hello,
>
> I have the following problem.
>
> Hunchentoot 1.2.26/SBCL 1.0.57 is serving pages from behind Apache.
> More precisely, my Apache config is
>
> <VirtualHost *:80>
>         ServerAdmin neuss at scipolis.de
>         ServerName yyy.math.fau.de
>         ServerAlias yyy.math.fau.de
>
>         DocumentRoot /var/www
>         <Directory />
>                 Options FollowSymLinks
>                 AllowOverride None
>         </Directory>
>         <Directory /var/www/>
>                 Options FollowSymLinks MultiViews
>                 AllowOverride None
>                 Order allow,deny
>                 allow from all
>         </Directory>
>
>         ErrorLog ${APACHE_LOG_DIR}/error.log
>         ErrorDocument 404 /index.html
>
>         ProxyRequests     Off
>         ProxyPass /wissen http://localhost:8002
>         ProxyPassReverse /wissen http://localhost:8002
> </VirtualHost>
>
> Now when accessing the page
>
>   <http://yyy.math.fau.de/wissen/admin-login?nr=4>
>
> for the first time (!), the "form" gets an additional "action" parameter
> which is an absolute path like
>
> <form method=post
> action='/admin-login?nr=4&hunchentoot-session=17997%3A98C123D51D88E2BDBD28DC2E00D16E42'>
>
> while "href"s are (correctly) relative like
> <a
> href='about?hunchentoot-session=17997%3A98C123D51D88E2BDBD28DC2E00D16E42'>Informationen</a>
>
> This leads to a wrong redirection when submitting the form.
>
> Is this a bug or is anything wrong with my setup?
>
> I'm using Hunchentoot 1.2.26 from Quicklisp.
>
> Thank you,
>
> Nicolas
>
> P.S.: If one refreshes the page after first access the action parameter
> goes away and everything works as desired.  Also with redirecting to the
> login page I can remove this behaviour, but I would like to
> understand what is going on here.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20140320/25e8a2cc/attachment.html>

More information about the Tbnl-devel mailing list