tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rémy Maucherat" <>
Subject Re: %3B in path-info
Date Fri, 11 Apr 2008 01:38:26 GMT
On Fri, Apr 11, 2008 at 1:58 AM, Rainer Jung <> wrote:
>  Rémy,
>  I know that we cleaned reencoding of forwarded URLs up in the context of
> the CVE and mod_jk. The semicolon wasn't involved in the CVE though and at
> that time it would have been easier, if the AJP connectors had resolved
> %3Bjsessionid (because then we wouldn't have needed a new JK forward
> option).

%3Bjsessionid is not a session id. JK should not be passing a decoded
URL, and that's pretty much the end of the story.


To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message