tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Glunde <tglu...@pcf-software.de>
Subject Re: 3.2 beta status update
Date Sun, 02 Jul 2000 23:11:49 GMT
Hi,
>1) URL rewriting seems to be broken again,

For this question I wrote the following some times ago, but without any
answers, perhaps it would help.

I have two points you may want to consider within Tomcat 3.2 release.

To have Session Tracking work without cookies I went into two problems
with the
source download from 6th June 2000.

1. Request Interceptor.
In the RequestInterceptor I found the code to get the sessionid from a
cookie.
But nowhere it would be read from url. I wrote my own Interceptor,
which looks it up from url if the cookie fails. Is this implemented
somewhere else, or do I need it? In our configuration Session tracking
won't work
without my own Interceptor.

2. encodeURL/encoderedirectURL
in the HttpServletResponseFacade class in the isEncodeable member on our
internal
testing web server the url.getPort() method returns the port as not
available. So
I added url.getPort()!=-1 to avoid the encodeURL method failing when the

serverport is not available from the url.May this give security leak?

Torsten Glunde


Mime
View raw message