Hi Nicolas,
what you're seeing is Hunchentoot rewriting the contents of forms so that a session ID parameter is automagically added to forms for clients that do not have cookies enabled. The documentation mentions that this is done unless *rewrite-for-session-urls* is NIL. I am not sure whether the functionality is working all that well, as I have not been using it in the past. If you do not need to support sessions without cookies, I'd recommend that you disable the functionality. If you do need it, it would be helpful if you could debug some more to pinpoint where the behavior is actually wrong.
Thanks, Hans
2014-03-20 9:22 GMT+01:00 Nicolas Neuss neuss@scipolis.de:
Hello,
I have the following problem.
Hunchentoot 1.2.26/SBCL 1.0.57 is serving pages from behind Apache. More precisely, my Apache config is
<VirtualHost *:80> ServerAdmin neuss@scipolis.de ServerName yyy.math.fau.de ServerAlias yyy.math.fau.de
DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log ErrorDocument 404 /index.html ProxyRequests Off ProxyPass /wissen http://localhost:8002 ProxyPassReverse /wissen http://localhost:8002
</VirtualHost>
Now when accessing the page
http://yyy.math.fau.de/wissen/admin-login?nr=4
for the first time (!), the "form" gets an additional "action" parameter which is an absolute path like
<form method=post action='/admin-login?nr=4&hunchentoot-session=17997%3A98C123D51D88E2BDBD28DC2E00D16E42'>
while "href"s are (correctly) relative like <a href='about?hunchentoot-session=17997%3A98C123D51D88E2BDBD28DC2E00D16E42'>Informationen</a>
This leads to a wrong redirection when submitting the form.
Is this a bug or is anything wrong with my setup?
I'm using Hunchentoot 1.2.26 from Quicklisp.
Thank you,
Nicolas
P.S.: If one refreshes the page after first access the action parameter goes away and everything works as desired. Also with redirecting to the login page I can remove this behaviour, but I would like to understand what is going on here.