tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Force URL encoding
Date Mon, 10 Sep 2007 20:43:38 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Michael,

Michael Dehmlow wrote:
> '<%=response.encodeURL("test/") %>' 

This should work.

> '<%="test;jsessionid="+request.getSession().getId() %>'

Don't do this; find out what the problem is and fix that. I realize this
is only a test, but it's good to debug it before you replicate a hack
everywhere.

> <?xml version="1.0" encoding="UTF-8" ?>
> <Context cookies="false"></Context>
> 
> While the session is not stored in a cookie

Have you verified that no cookie exchange is occurring? If you have a
cookie left over from a previous run-through, Tomcat might be using that
for session identification and therefore leaving the ";jsessionid=..."
off of encoded URLs. I wouldn't be surprised if the TC code is very
tolerant of this kind of abuse, rather than simply saying "okay, cookies
are disabled; we'll completely ignore them".

> it appears that tomcat is not
> finding the session i specify. which I think has something to do with the
> fact that encodeURL does not work.

If your session does not exist, then encodeURL isn't going to change
anything. Make sure that the session exists; I'm guessing that the JSP
page directive session="true" ensures that?

Try purging your cookies for the test site and see if that fixes anything.

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG5ax69CaO5/Lv0PARAvfLAJ4i5SqR4k4B3pXnPutXWI8XG00RkQCfacbx
VOq1VVtIZP4/jTxztVwPtzU=
=CYVf
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message