tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raiden Johnson <>
Subject URGENT Help Needed Please: HTTPS links are not URL encoded
Date Wed, 10 Oct 2001 17:49:11 GMT
I am in urgent need of some guidance as to whether or not this intended,
or if I have a configuration error:

On an http page, only http links are url encoded.  Https links are not.

On an https page, NO links are url encoded.

The page is receiving all session information, though, because a call
to request.getRequestedSessionId() always returns the correct session id,
regardless of whether the page is in http or https.

Is this a known bug?  Do I need to modify the tomcat source code to fix

Thank you!
Raiden Johnson

Below is a message I posted that gives even more details of my problem:


I am running Apache 1.3.20 (w/ open ssl),
JDK 1.3, J2EE1.2.1 and Tomcat 3.2.3.

Session management works great with cookies, both
across HTTP and HTTPS.  However, as soon as I turn
cookies off, and use URL rewriting instead... URL
rewriting ceases to work for HTTPS links (but still
works fine on HTTP links) when I view the page under
HTTP. Also, NOTHING is URL rewritten when the request
was under HTTPS.

I created a test page that displays
request.isRequestedSessionIdFromURL() and
request.isRequestedSessionIdValid().  After clicking
on a link on this test page that is a URL encoded
link back to itself, I have an appended ;jsessionid on
my HTTP request.  All URL encoded HTTP links ARE URL
encoded with the same session id, BUT none of the same
(but in HTTPS) links are.  getRequestedSessionId()
shows the correct session id,
isRequestedSessionIdFromURL() shows True, and
isRequestedSessionIdValid() is True.

Now, when I manually change the URL (WITH appended
session ID) to HTTPS, NONE of the links are URL Encoded
(http OR https).  However, getRequestedSessionId() STILL
shows the correct session id,
isRequestedSessionIdFromURL() STILL shows True, and
isRequestedSessionIdValid() STILL is True.

So I seem to be having two problems.  #1) REGARDLESS of
protocol, HTTPS links are NEVER URL Encoded.  #2) Though
HTTP links ARE URL Encoded when my request is in HTTP,
they ARE NOT URL Encoded when my request is in HTTPS.

Can someone shed some light on what is going on here?  I
know (because of displaying getRequestedSessionId(),
isRequestedSessionIdFromURL() and
isRequestedSessionIDValid()) that my JSP page is getting
all of the session information back, but it seems as if
Tomcat doesn't know how to URL Encode properly for HTTPS
links OR HTTPS requests.

Thanks in advance!!
Raiden Johnson

p.s. I just upgraded to Tomcat 3.2.3, because I was having
the same problem in 3.2.2

View raw message