tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Glunde <>
Subject Session Tracking Tocmat3.1
Date Thu, 15 Jun 2000 08:12:02 GMT

I have two points you may want to consider within Tomcat 3.2 release.

To have Session Tracking work without cookies I went into two problems with the
source download from 6th June 2000.

1. Request Interceptor.
In the RequestInterceptor I found the code to get the sessionid from a cookie.
But nowhere it would be read from url. I wrote my own Interceptor, attached to
this mail, which looks it up from url if the cookie fails. Is this implemented
somewhere else, or do I need it? In our configuration Session tracking won't work
without my own Interceptor.

2. encodeURL/encoderedirectURL
in the HttpServletResponseFacade class in the isEncodeable member on our internal
testing web server the url.getPort() method returns the port as not available. So
I added url.getPort()!=-1 to avoid the encodeURL method failing when the
serverport is not available from the url.May this give security leak?

Torsten Glunde

Anil Vijendran schrieb:

> Sounds good. +1.
> wrote:
> > [[ second attempt; I didn't see my first mail on the subject on the list ]]
> >
> > It looks like no release manager is going to come forward, so unless there
> > are any objections I'll resume the role.
> >
> > My proposal is simple: I plan to put out a milestone drop sometime this
> > weekend, and then put out milestones approximately weekly, working towards
> > a rough target of the fourth of July.  When we are closer, I will spawn off
> > a CVS branch.
> >
> > So note: I am not proposing any functionallity that I see as must-have, I
> > simply believe that there needs to be a stable ship vehicle for all the
> > good work (e.g.: performance, JNI connectors, NT service, JAXP, ...) to
> > date.  If there are things that people believe must be in, please let me
> > know (preferably by posting it on the mailing list).
> >
> > - Sam Ruby
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > For additional commands, e-mail:
> --
> Peace, Anil +<:-)
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message