geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "D. Strauss (JIRA)" <>
Subject [jira] Commented: (GERONIMO-2192) Jetty can't handle encoded urls that contain a jsessionid
Date Sat, 04 Nov 2006 08:30:17 GMT
    [ ] 
D. Strauss commented on GERONIMO-2192:

Hello, Nikla

yes, I use AJP for Geronimo/Jetty. I've never tried to access the webpages on Geronimo's Port
directly ... well, I'm not quite sure about this.

Anyway, I agree that it is the same bug (JETTY-38). I'll try to switch to Jetty again to test
it. I also downloaded the new 1.2 weekly build for testing purpose. Maybe the Geronimo people
have already fixed this problem. Maybe they also considered to switch to Jetty 6 (greetings
to the Glassfish people :P).

I still remember the good old Geronimo 1.0 days .. ;)

> Jetty can't handle encoded urls that contain a jsessionid
> ---------------------------------------------------------
>                 Key: GERONIMO-2192
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>    Affects Versions: 1.1
>         Environment: Geronimo 1.1, Jetty version; Sun JDK 1.5_4, OpenSuSE 10.1, 712 MB
>            Reporter: D. Strauss
>            Priority: Critical
> Hello,
> another testing here was to check if a webapp would still be usable when the user blocks
any cookies from us. JEE typically uses a cookie named JSESSIONID (I think this is specified
somewhere) to identify a user at a web request time. Now, if cookies are blocked, the developers
are instructed to "encode" the urls using the HttpServletResponse.encode() method. Even the
JSTL and c:url use this behaviour (fortunately :P).
> Anyway, today, Jetty had some problems when cookies are blocked. The urls are encoded
at request time, so, a url like
> /register.jspx
> becomes
> /register.jspx;jsessionid=<long hexadecimal value>
> Using Tomcat, everything works as expected (i.e. the user gets identified as long as
he/she uses the session identifier). Jetty, on the other hand, drops the request with a HTTP
404 error telling that it can't find a file named "register.jspx;jsessionid=<long value>".
This is, of course, right. However, it's not the expected behaviour.
> Seems that Jetty can't figure out that this request is encoded ...

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message