httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r686809 - /httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c
Date Wed, 20 Aug 2008 03:21:38 GMT
Bill Barker wrote:
> 
> No, an un-escaped semicolon is a reserved character by RFC 2396, section 
> 2.2.  Since RFC 2616 section 3.2.1 uses 2396 as a reference, then an 
> un-escaped semicolon isn't valid in a session-id.  Of course the patch 
> doesn't totally work since something like:
>    http://www.myfirm.com/myapp;foo=bar/mycontext;user=me/mypage.jsp;jsessionid=xxyyzz
> is perfectly valid, and by 2396 section 3.3 should map to the same resource 
> as:
>    http://www.myfirm.com/myapp/mycontext/mypage.jsp
> (just that the resource can return different content depending on the 
> params).  Of course, Tomcat doesn't handle this case correctly either.

Just to be clear, the 2396 property foo=bar refers only to /myapp,
and not specifically /myapp/mycontext and has no bearing on
/myapp/mycontext/mypage.jsp.  That's just a common Java misinterpretation,
and the reason httpd server doesn't specifically support ';' syntax (which
isn't to say it's not generally supported; /myapp is not /myapp;foo=bar).

Unless you can clarify for us what the distinction between;

   http://www.myfirm.com/myapp;foo=bar/mycontext/mypage.jsp
   http://www.myfirm.com/myapp/mycontext;foo=bar/mypage.jsp
   http://www.myfirm.com/myapp/mycontext/mypage.jsp;foo=bar

which might lead me to believe that folks implemented 2396 purposefully.

Mime
View raw message