tomcat-dev mailing list archives

From Mark Thomas <ma...@apache.org>
Subject Re: svn commit: r1100992 - in /tomcat/trunk: java/org/apache/catalina/core/ApplicationSessionCookieConfig.java webapps/docs/changelog.xml
Date Mon, 09 May 2011 14:25:41 GMT
On 09/05/2011 14:53, Mark Thomas wrote:
> On 09/05/2011 13:58, Konstantin Kolinko wrote:
>> I have seen applications where  /webappname is not redirected to
>> /webappname/ but is served as is.  IIRC, that happens when there is no
>> welcome file.
>>
>> If I understand correctly, this change will break them.  Maybe make it
>> conditional?
> 
> The mapper redirects /test to /test/ unless there is an exact match or a
> prefix match (which won't happen for /test) so there should always be a
> redirect to /test/
> 
> I can't see a route for a request to /test getting passed to a web
> application. I'll do some more testing but I think this change is safe.

Grr. A servlet mapped to "/*" will break this on IE. It at least needs
to be configurable in this case. I'll leave the default as is (more
secure, works in most scenarios) but add an option to not add the
trailing / to the session path.

Mark

> 
>> For reference, discussion on users@
>> [1] http://markmail.org/message/wsmv4jecrwggpzaj
> 
> Yep, that is what triggered this. I did do some testing and while
> Firefox does what you'd want it to, IE sends a cookie with a path of
> /test with a request for /testfoo.
> 
> Mark
> 
>>
>>
>> 2011/5/9  <markt@apache.org>:
>>> Author: markt
>>> Date: Mon May  9 12:45:55 2011
>>> New Revision: 1100992
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1100992&view=rev
>>> Log:
>>> Ensure session cookie paths end in / so that session cookies created for a context
>>> with a path of /foo do not get returned with requests mapped to a context with a path of
>>> /foobar
>>>
>>> Modified:
>>>    tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
>>>    tomcat/trunk/webapps/docs/changelog.xml
>>>
>>> Modified: tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
>>> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java?rev=1100992&r1=1100991&r2=1100992&view=diff
>>> ==============================================================================
>>> --- tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
(original)
>>> +++ tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
Mon May  9 12:45:55 2011
>>> @@ -158,8 +158,10 @@ public class ApplicationSessionCookieCon
>>>         }
>>>         // Handle special case of ROOT context where cookies require a path of
>>>         // '/' but the servlet spec uses an empty string
>>> -        if (contextPath.length() == 0) {
>>> -            contextPath = "/";
>>> +        // Also ensure the cookies for a context with a path of /foo don't get
>>> +        // sent for requests with a path of /foobar
>>> +        if (!contextPath.endsWith("/")) {
>>> +            contextPath = contextPath + "/";
>>>         }
>>>         cookie.setPath(contextPath);
>>>
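Review bot: The append in `if (!contextPath.endsWith("/"))` is unconditional, so a context at /foo always gets a cookie path of /foo/, and a client that compares paths by prefix will not return the session cookie on a request for /foo itself when that request is served without a redirect. Consider guarding the append with a context-level option that defaults to the new behaviour, while keeping the empty-string ROOT case mapped to "/" whatever the option says. The lines above the hunk are not visible here, so it is also worth confirming that an explicitly configured cookie path cannot reach this branch and be rewritten.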
>>>
>>> Modified: tomcat/trunk/webapps/docs/changelog.xml
>>> URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1100992&r1=1100991&r2=1100992&view=diff
>>> ==============================================================================
>>> --- tomcat/trunk/webapps/docs/changelog.xml (original)
>>> +++ tomcat/trunk/webapps/docs/changelog.xml Mon May  9 12:45:55 2011
>>> @@ -71,6 +71,12 @@
>>>         ServletRequest#getServerPort() and ServletRequest#getLocalPort() when
>>>         Tomcat is behind a reverse proxy. (markt)
>>>       </add>
>>> +      <fix>
>>> +        Ensure session cookie paths end in <code>/</code> so that
session
>>> +        cookies created for a context with a path of <code>/foo</code>
do not
>>> +        get returned with requests mapped to a context with a path of
>>> +        <code>/foobar</code>. (markt)
>>> +      </fix>
>>>     </changelog>
>>>   </subsection>
>>>  </section>
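Review bot: The `<fix>` entry says what the trailing `/` prevents but not that the Path attribute of the session cookie itself changes for every context whose path does not already end in `/` (a context at `/foo` now issues `/foo/`). State that in the entry so that an administrator comparing Set-Cookie headers across versions can trace the difference to this change, and consider citing the users@ discussion that prompted it.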
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: dev-help@tomcat.apache.org
>>>
>>>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
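The trade-off discussed in this thread, as an added example that is not part of the original message or of Tomcat's code: it compares the plain prefix comparison the thread reports for IE with the RFC 6265 section 5.1.4 path-match (a generalization beyond the thread), for a `/foo` context with and without the trailing slash. The function names, the `addTrailingSlash` option and the request paths are hypothetical and constructed for illustration.

```javascript
// Added illustration; function and option names are hypothetical, not Tomcat's.

// Plain string-prefix comparison: the behaviour the thread reports for IE.
function prefixMatch(cookiePath, requestPath) {
  return requestPath.startsWith(cookiePath);
}

// RFC 6265 section 5.1.4 path-match.
function rfc6265Match(cookiePath, requestPath) {
  if (cookiePath === requestPath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // Prefix only counts when it ends on a path-segment boundary.
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Mirrors the patched logic, plus the opt-out proposed in the reply.
function sessionCookiePath(contextPath, addTrailingSlash = true) {
  if (contextPath.length === 0) return "/"; // ROOT context always needs "/"
  if (addTrailingSlash && !contextPath.endsWith("/")) return contextPath + "/";
  return contextPath;
}

// For each request path, report whether the session cookie would be sent.
function cookieSent(contextPath, addTrailingSlash, matcher, requestPaths) {
  const cookiePath = sessionCookiePath(contextPath, addTrailingSlash);
  const result = {};
  for (const p of requestPaths) result[p] = matcher(cookiePath, p);
  return result;
}

// Constructed request paths: the context root with and without the slash,
// a page inside the context, and a page in a sibling context /foobar.
const REQUESTS = ["/foo", "/foo/", "/foo/page", "/foobar/page"];

for (const slash of [false, true]) {
  for (const [name, m] of [["prefix ", prefixMatch], ["rfc6265", rfc6265Match]]) {
    console.log(slash ? "Path=/foo/" : "Path=/foo ", name,
                JSON.stringify(cookieSent("/foo", slash, m, REQUESTS)));
  }
}
```

With `Path=/foo` only the prefix comparison leaks the cookie to `/foobar/page`; with `Path=/foo/` neither model leaks it, but neither sends it on a request for `/foo` itself, which is the case a servlet mapped to `/*` exposes.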