Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-7038 Add support for SameSite setting to CookieDefaults
  3. WICKET-7089

Set cookie SameSite only if the container supports it

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 10.0.0-M2
    • 10.0.0
    • wicket
    • None

    Description

      https://lists.apache.org/thread/nwnhygmwoodbmx8f5j0rtm5wgy21p5kr

       

      Hi,
in parent pom.xml you are referencing
<jakarta.servlet-api.version>6.0.0</jakarta.servlet-api.version>

but here you state that Servlet 5+ is required:
https://cwiki.apache.org/confluence/display/WICKET/Migration+to+Wicket+10.0#MigrationtoWicket10.0-Wicket10requiresServlet5+

I've been bitten by this today when users couldn't sign in the app as 
CookieUtils.initializeCookie uses 6.0.0 api, start of the stacktrace:

java.lang.NoSuchMethodError: 'void 
jakarta.servlet.http.Cookie.setAttribute(java.lang.String, 
java.lang.String)'
     at 
org.apache.wicket.util.cookies.CookieUtils.initializeCookie(CookieUtils.java:341)
     at 
org.apache.wicket.util.cookies.CookieUtils.save(CookieUtils.java:294)
     at 
org.apache.wicket.util.cookies.CookieUtils.save(CookieUtils.java:168)
     at 
org.apache.wicket.authentication.strategy.DefaultAuthenticationStrategy.save(DefaultAuthenticationStrategy.java:148)

Cookie.setAttribute is not present in 5.0.0 jservlet-api.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #749

          Activity

            People

              mgrigorov Martin Tzvetanov Grigorov
              mgrigorov Martin Tzvetanov Grigorov
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: