Google search results turn up sessionIDs in the URL.

[gitblit]

Originally reported on Google Code with ID 304

What steps will reproduce the problem?
I'm not sure what causes it. but I am seeing in my server access logs that google is
browsing using the session ID appended to the end of the URL.  I am also seeing search
results show up in Google with random session IDs.

What is the expected output? What do you see instead?
I expect session IDs not to be in the URL.  I read here for example that if a session
ID is being appended to the URL it is likely the application is generating a session
ID when it shouldn't be.  i.e. if google is browsing a public page then there shouldn't
be a need for the page to generate a session.  http://tomcat.10.x6.nabble.com/JSESSIONID-and-impact-on-google-td2155492.html

What version of the product are you using? On what operating system?
1.3.0

Please provide any additional information below.
You can search for my gitblit server here: https://encrypted.google.com/#q=konverge+source+pom

First few links show the session ID "ZID" set ...

Reported by nasrollah.kavian on 2013-09-04 04:39:22

[gitblit]

Wicket is injecting the session ID into the URL.  I will investigate to see if it can
be easily stripped.

Reported by James.Moger on 2013-09-05 13:16:56

[gitblit]

Best solution I'd go with is to add rel="canonical" to the page.

https://support.google.com/webmasters/answer/139394?hl=en

Reported by chorohoe@wikimedia.org on 2013-09-12 01:51:39

[gitblit]

canonical would be a workaround but not a fix.  I would assume that if Wicket is injecting
session IDs for non-logged-in browsing then the fix would be to stop creating a session
when a user is not logged in.

Another useful link I ran into.
http://stackoverflow.com/questions/6808331/why-is-jsessionid-appearing-in-wicket-urls-when-cookies-are-enabled

Reported by nasrollah.kavian on 2013-09-12 04:35:50

[gitblit]

Great stackoverflow link.  What it tells me is that the container does this.  Session
management with Wicket is complex when you want to _not_ create a session.  Actually,
it's almost impossible in practice as Wicket excels at creating stateful pages, not
stateless ones.  Unfortunately, to change out Wicket for something else would be a
complete rewrite.  And I am not opposed to that... eventually for Gitblit 2.

I'll investigate integrating the rel="canonical" workaround to solve the immediate
need.

Reported by James.Moger on 2013-10-25 14:03:26

• Status changed: Accepted
• Labels added: Milestone-1.4.0

[gitblit]

Given the choice between the link tag and the link header, I went with the link header
because it's cleaner for me to implement.  According to Google both work equally well.
 Pushed to master.

As for stripping the session id from the initial url, I'll investigate further to see
if I can prevent that from occurring.

Reported by James.Moger on 2013-10-25 16:26:36

• Status changed: Queued

[gitblit]

1.4.0 released.

Reported by James.Moger on 2014-03-09 18:06:21

• Status changed: Done