tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 51833] Tomcat doesn't strip jsessionid from the url
Date Wed, 21 Sep 2011 11:45:41 GMT

Mark Thomas <> changed:

           What    |Removed                     |Added
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID

--- Comment #3 from Mark Thomas <> 2011-09-21 11:45:41 UTC ---
Tomcat 6 is under active development. It receives security fixes, bug fixes and
some new features.

Non-compliance with the Servlet specification is always treated as a bug in
Tomcat. Failure to return the correct value for getRequestURI() was a bug and
has been fixed.

An application failure triggered by a valid - as per the specification - return
value from getRequestURI() is a bug in the application, not a bug in Tomcat.

While backwards incompatible changes are avoided where possible, the Tomcat
developers can't predict how every applications may respond to each individual
change and in this case specification compliance took precedence over the risk
of breaking backwards compatibility which was judged to be extremely low. Where
the risk of breaking compatibility is judged to be higher - or subsequently a
significant compatibility problem is found - the usual approach is to add a
configuration option that permits the previous - normally non-specification
compliant - behaviour. In this case I do not see sufficient justification for
adding such an option.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message