tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rémy Maucherat" <remy.mauche...@gmail.com>
Subject Re: %3B in path-info
Date Fri, 11 Apr 2008 01:38:26 GMT
On Fri, Apr 11, 2008 at 1:58 AM, Rainer Jung <rainer.jung@kippdata.de> wrote:
>  Rémy,
>
>  I know that we cleaned reencoding of forwarded URLs up in the context of
> the CVE and mod_jk. The semicolon wasn't involved in the CVE though and at
> that time it would have been easier, if the AJP connectors had resolved
> %3Bjsessionid (because then we wouldn't have needed a new JK forward
> option).

%3Bjsessionid is not a session id. JK should not be passing a decoded
URL, and that's pretty much the end of the story.

Rémy

---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message