geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "D. Strauss (JIRA)" <>
Subject [jira] Commented: (GERONIMO-2192) Jetty can't handle encoded urls that contain a jsessionid
Date Sat, 04 Nov 2006 09:27:17 GMT
    [ ] 
D. Strauss commented on GERONIMO-2192:


back from "trying" to test the recent weekly build. Funny: it is absolutely unstartable ;)

The 1.2 build still contains the affected jetty version. Seems that Geronimo/Jetty will stay
unusable for my applications. Therefore I must stick with tomcat. Besides from the wsdl problem
here it is usable in some ways.

Niklas: no, I never could do a workaround. At least not on serverside. A J2EE (or JEE) server
MUST handle webclients that don't send you cookies. A web app must work even when the client
(browser, etc.) does not send you the session cookie. Thanks to encoding the url this was
never a problem. And any other information (page color, font size etc.) which the user wishes
to use can be saved in the session scope.

This bug is a server problem. Geronimo will stay with Jetty 5.1 so this is a definite "Good
Bye" for me. I don't want to use server aliases or forcing the users to access the JEE server
directly (port 8080). So, farewell, Geronimo/Jetty :/

If you have other tricks or solutions let me know.

> Jetty can't handle encoded urls that contain a jsessionid
> ---------------------------------------------------------
>                 Key: GERONIMO-2192
>                 URL:
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>    Affects Versions: 1.1
>         Environment: Geronimo 1.1, Jetty version; Sun JDK 1.5_4, OpenSuSE 10.1, 712 MB
>            Reporter: D. Strauss
>            Priority: Critical
> Hello,
> another testing here was to check if a webapp would still be usable when the user blocks
any cookies from us. JEE typically uses a cookie named JSESSIONID (I think this is specified
somewhere) to identify a user at a web request time. Now, if cookies are blocked, the developers
are instructed to "encode" the urls using the HttpServletResponse.encode() method. Even the
JSTL and c:url use this behaviour (fortunately :P).
> Anyway, today, Jetty had some problems when cookies are blocked. The urls are encoded
at request time, so, a url like
> /register.jspx
> becomes
> /register.jspx;jsessionid=<long hexadecimal value>
> Using Tomcat, everything works as expected (i.e. the user gets identified as long as
he/she uses the session identifier). Jetty, on the other hand, drops the request with a HTTP
404 error telling that it can't find a file named "register.jspx;jsessionid=<long value>".
This is, of course, right. However, it's not the expected behaviour.
> Seems that Jetty can't figure out that this request is encoded ...

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:


View raw message