Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Google search results turn up sessionIDs in the URL. #600

Closed
gitblit opened this issue Aug 12, 2015 · 6 comments
Closed

Google search results turn up sessionIDs in the URL. #600

gitblit opened this issue Aug 12, 2015 · 6 comments

Comments

@gitblit
Copy link
Owner

@gitblit gitblit commented Aug 12, 2015

Originally reported on Google Code with ID 304

What steps will reproduce the problem?
I'm not sure what causes it. but I am seeing in my server access logs that google is
browsing using the session ID appended to the end of the URL.  I am also seeing search
results show up in Google with random session IDs.

What is the expected output? What do you see instead?
I expect session IDs not to be in the URL.  I read here for example that if a session
ID is being appended to the URL it is likely the application is generating a session
ID when it shouldn't be.  i.e. if google is browsing a public page then there shouldn't
be a need for the page to generate a session.  http://tomcat.10.x6.nabble.com/JSESSIONID-and-impact-on-google-td2155492.html

What version of the product are you using? On what operating system?
1.3.0

Please provide any additional information below.
You can search for my gitblit server here: https://encrypted.google.com/#q=konverge+source+pom

First few links show the session ID "ZID" set ...

Reported by nasrollah.kavian on 2013-09-04 04:39:22

@gitblit
Copy link
Owner Author

@gitblit gitblit commented Aug 12, 2015

Wicket is injecting the session ID into the URL.  I will investigate to see if it can
be easily stripped.

Reported by James.Moger on 2013-09-05 13:16:56

@gitblit
Copy link
Owner Author

@gitblit gitblit commented Aug 12, 2015

Best solution I'd go with is to add rel="canonical" to the page.

https://support.google.com/webmasters/answer/139394?hl=en

Reported by chorohoe@wikimedia.org on 2013-09-12 01:51:39

@gitblit
Copy link
Owner Author

@gitblit gitblit commented Aug 12, 2015

canonical would be a workaround but not a fix.  I would assume that if Wicket is injecting
session IDs for non-logged-in browsing then the fix would be to stop creating a session
when a user is not logged in.

Another useful link I ran into.
http://stackoverflow.com/questions/6808331/why-is-jsessionid-appearing-in-wicket-urls-when-cookies-are-enabled

Reported by nasrollah.kavian on 2013-09-12 04:35:50

@gitblit
Copy link
Owner Author

@gitblit gitblit commented Aug 12, 2015

Great stackoverflow link.  What it tells me is that the container does this.  Session
management with Wicket is complex when you want to _not_ create a session.  Actually,
it's almost impossible in practice as Wicket excels at creating stateful pages, not
stateless ones.  Unfortunately, to change out Wicket for something else would be a
complete rewrite.  And I am not opposed to that... eventually for Gitblit 2.

I'll investigate integrating the rel="canonical" workaround to solve the immediate
need.

Reported by James.Moger on 2013-10-25 14:03:26

  • Status changed: Accepted
  • Labels added: Milestone-1.4.0

@gitblit
Copy link
Owner Author

@gitblit gitblit commented Aug 12, 2015

Given the choice between the link tag and the link header, I went with the link header
because it's cleaner for me to implement.  According to Google both work equally well.
 Pushed to master.

As for stripping the session id from the initial url, I'll investigate further to see
if I can prevent that from occurring.

Reported by James.Moger on 2013-10-25 16:26:36

  • Status changed: Queued

@gitblit
Copy link
Owner Author

@gitblit gitblit commented Aug 12, 2015

1.4.0 released.

Reported by James.Moger on 2014-03-09 18:06:21

  • Status changed: Done

@gitblit gitblit closed this as completed Aug 12, 2015
@flaix flaix added this to the 1.4.0 milestone Dec 13, 2016
@flaix flaix added this to the 1.4.0 milestone Dec 13, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants