tomcat-dev mailing list archives

From Nick Bauman <n...@cortexity.com>
Subject Re: Issue with SessionUtil.encodeURL on SSL servers
Date Fri, 25 Aug 2000 20:04:05 GMT
This sounds like a bona-fide bug. Will you fill out a bug report?

http://znutar.cortexity.com

-Nick

On Fri, 25 Aug 2000, Arieh Markel wrote:

> During my work on adapting my application to work with 3.2 I am running
> into a couple of issues.
> 
> While browsing through the code, I ran across some problem that
> may arise when using SessionUtil.encodeURL under SSL.
> 
> The code shows:
> 
>         // Encode all relative URLs unless they start with a hash
>         if (!url.startsWith("http:")) {
>             if (!url.startsWith("#"))
>                 return (encode(id, url));
>             else
>                 return (url);
>         }
> 
>         // Encode all absolute URLs that return to this hostname
>         String serverName = req.getServerName();
>         String match = "http://" + serverName;
>         if (url.startsWith("http://" + serverName))
>             return (encode(id, url));
>         else
>             return (url);
> 
> 
> What is evident is the hardcoding of http, which is bound not to
> work on an SSL enabled Tomcat.
> 
> The more appropriate thing is to use the request's schema to use correct
> logic.
> 
> Arieh
> --
>  Arieh Markel		                Sun Microsystems Inc.
>  Network Storage                        500 Eldorado Blvd. MS UBRM11-194
>  e-mail: arieh.markel@sun.COM           Broomfield, CO 80021
>  Let's go Panthers !!!!                 Phone: (303) 272-8547 x78547
>  (e-mail me with subject SEND PUBLIC KEY to get public key)
> 
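
With the quoted check, an absolute `https://...` URL does not start with `http:`, so it falls into the relative-URL branch and gets the session id whatever host it names, and `startsWith("http://" + serverName)` is a string prefix test rather than a host comparison. The sketch below is an added example, not Tomcat's code or the eventual fix: it decides from the request's own scheme, host and port (the values `req.getScheme()`, `req.getServerName()` and `req.getServerPort()` return), and the class name, method names and sample URLs are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class SessionUrlCheck {

    // True only when the URL is relative or points back to the same
    // scheme, host and port as the current request.
    static boolean shouldEncode(String url, String scheme, String host, int port) {
        if (url.startsWith("#")) {
            return false;                       // fragment-only link, as in the quoted code
        }
        URI u;
        try {
            u = new URI(url);
        } catch (URISyntaxException e) {
            return false;                       // unparseable: never attach the session id
        }
        if (u.getScheme() == null && u.getRawAuthority() == null) {
            return true;                        // relative URL
        }
        // "//host/path" inherits the request's scheme
        String s = (u.getScheme() == null) ? scheme : u.getScheme();
        if (!s.equalsIgnoreCase(scheme) || u.getHost() == null) {
            return false;                       // other scheme (http vs https, mailto:, ...)
        }
        int p = (u.getPort() != -1) ? u.getPort() : defaultPort(s);
        // Whole-host comparison, not a string prefix of the URL
        return u.getHost().equalsIgnoreCase(host) && p == port;
    }

    static int defaultPort(String scheme) {
        return scheme.equalsIgnoreCase("https") ? 443 : 80;
    }

    public static void main(String[] args) {
        // Constructed sample URLs; the request is https://shop.example:443
        String[] urls = {
            "cart.jsp", "#top", "https://shop.example/cart",
            "https://other.example/cart", "https://shop.example.other.test/",
            "http://shop.example/cart", "//shop.example/cart"
        };
        for (String url : urls) {
            System.out.println(shouldEncode(url, "https", "shop.example", 443) + "  " + url);
        }
    }
}
```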

