tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Wilson <paulalexwil...@gmail.com>
Subject JSESSIONID Stripping
Date Fri, 07 Oct 2011 10:41:14 GMT
Hi there,

Simple question. If a client posts:

POST /app/main%3bjsessionid=BF18D19ED62BB5F78E519018E618FB64 HTTP/1.1

whilst also specifying:

Cookie: $Version="0"; JSESSIONID=BF18D19ED62BB5F78E519018E618FB64;
$Path=/app/

isn't Tomcat supposed to strip the jsessionid path param too? I'm seeing
'isRequestedSessionIdFromCookie()' evaluating to true within my app, but the
app still sees the jsessionid which is messing up resource resolution. I
guess I could strip the jsessionid path param but.... doesn't seem right.
(This is seen on both Tomcat 6.0.29/7.0.12). Or is the client expected to
remove the jsessionid before the request?

Regards,
Paul

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message