tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 10418] - logic whether URL needs to be encoded in HttpServletResponse.encodeURL() broken
Date Sat, 03 Jan 2004 18:40:21 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10418>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10418

logic whether  URL needs to be encoded in HttpServletResponse.encodeURL() broken

medthomas@ntlworld.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |WONTFIX



------- Additional Comments From medthomas@ntlworld.com  2004-01-03 18:40 -------
Having reviewed this bug report, I am setting it back to WONTFIX. This report 
raises a number of issues and these are summarised below along with an 
explanation as to why it is WONTFIX.

The report raises a number issues.
1. hreq.isRequestedSessionIdFromCookie() is an insufficient test.
See Remy's comment - 2002-07-03 07:55.

2. Client sends some other session ID rather than our session ID.
This requires the client to deliberately modify the session ID. In this case 
the session is lost anyway.

3. Caching the result of isEncodable().
This is only useful if the same url needs to be encoded multiple times within 
the same response. I am not yet convinced that enhancing the existing 
functionality with a cache is worth the effort.

I am prepared to be convinced that 3 is worth doing. In this case, feel free 
to reopen the report as an enhancement request including the justification.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message