geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "D. Strauss (JIRA)" <>
Subject [jira] Created: (GERONIMO-2192) Jetty can't handle encoded urls that contain a jsessionid
Date Fri, 14 Jul 2006 13:51:13 GMT
Jetty can't handle encoded urls that contain a jsessionid

                 Key: GERONIMO-2192
             Project: Geronimo
          Issue Type: Bug
      Security Level: public (Regular issues)
    Affects Versions: 1.1
         Environment: Geronimo 1.1, Jetty version; Sun JDK 1.5_4, OpenSuSE 10.1, 712 MB RAM
            Reporter: D. Strauss
            Priority: Critical


another testing here was to check if a webapp would still be usable when the user blocks any
cookies from us. JEE typically uses a cookie named JSESSIONID (I think this is specified somewhere)
to identify a user at a web request time. Now, if cookies are blocked, the developers are
instructed to "encode" the urls using the HttpServletResponse.encode() method. Even the JSTL
and c:url use this behaviour (fortunately :P).

Anyway, today, Jetty had some problems when cookies are blocked. The urls are encoded at request
time, so, a url like



/register.jspx;jsessionid=<long hexadecimal value>

Using Tomcat, everything works as expected (i.e. the user gets identified as long as he/she
uses the session identifier). Jetty, on the other hand, drops the request with a HTTP 404
error telling that it can't find a file named "register.jspx;jsessionid=<long value>".
This is, of course, right. However, it's not the expected behaviour.

Seems that Jetty can't figure out that this request is encoded ...

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message