This sounds like a bona-fide bug. Will you fill out a bug report?
http://znutar.cortexity.com
-Nick
On Fri, 25 Aug 2000, Arieh Markel wrote:
> During my work on adapting my application to work with 3.2 I am running
> into a couple of issues.
>
> While browsing through the code, I ran across some problem that
> may arise when using SessionUtil.encodeURL under SSL.
>
> The code shows:
>
> // Encode all relative URLs unless they start with a hash
> if (!url.startsWith("http:")) {
> if (!url.startsWith("#"))
> return (encode(id, url));
> else
> return (url);
> }
>
> // Encode all absolute URLs that return to this hostname
> String serverName = req.getServerName();
> String match = "http://" + serverName;
> if (url.startsWith("http://" + serverName))
> return (encode(id, url));
> else
> return (url);
>
>
> What is evident is the hardcoding of http, which is bound not to
> work on an SSL enabled Tomcat.
>
> The more appropriate thing is to use the request's schema to use correct
> logic.
>
> Arieh
> --
> Arieh Markel Sun Microsystems Inc.
> Network Storage 500 Eldorado Blvd. MS UBRM11-194
> e-mail: arieh.markel@sun.COM Broomfield, CO 80021
> Let's go Panthers !!!! Phone: (303) 272-8547 x78547
> (e-mail me with subject SEND PUBLIC KEY to get public key)
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>
|