tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 6600] New: - enodeURL adds 'jsession' when 'isRequestedSessionIdFromURL' returns false
Date Wed, 20 Feb 2002 23:43:16 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6600>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6600

enodeURL adds 'jsession' when 'isRequestedSessionIdFromURL' returns false

           Summary: enodeURL adds 'jsession' when
                    'isRequestedSessionIdFromURL' returns false
           Product: Tomcat 4
           Version: 4.0.2 Final
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: sgw@adnovum.com
                CC: sgw@adnovum.com


The Servlet 2.3 specification explicitly describes sessions based on the SSL
session i.e. a session which is neither based on cookies nor on URL rewriting.

When calling encodeURL() on the HttpServletResponse this should be taken into
consideration. So the 'jsession' stuff should be added only if
isRequestedSessionIdFromURL() returns true.

-> fix in org.apache.catalina.connector.HttpResponseBase.isEncodeable():

replace:

        if (hreq.isRequestedSessionIdFromCookie())
            return (false);

with:

        if (!hreq.isRequestedSessionIdFromURL())
            return (false);

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message