tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 53469] possible bug in Response.normalize(CharChunk cc)
Date Mon, 27 Aug 2012 08:27:25 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=53469

--- Comment #18 from mgrigorov <mgrigorov@apache.org> ---
(In reply to comment #16)
> I have fixed the IAE in trunk and 7.0.x.

Unfortunately with this fix apps that work only with jsessionid encoded in the
url will still break. If JSESSIONID is in a cookie then all is OK because
Tomcat wont even try to normalize in this case. But if Tomcat is configured to
always encode it in the url and the normalization fails then with this fix the
relative url will not have the jsessionid and next request will be considered
as not authenticated and depending on the application configuration it will
most probably lead to a redirect to the login page.

Unfortunately I don't see how to fix this in Wicket too. There is no way to
inform the servlet container that there is a new base url which should be used
for the resolving. The only solution is to configure the Wicket application to
use REDIRECT_TO_RENDER strategy instead of REDIRECT_TO_BUFFER (the default
one). With REDIRECT_TO_RENDER Wicket will make a http redirect before starting
the render of the page responsible for /a/b/c/d.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message