tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Pyykkö <>
Subject Problem with POST requests not removing JSESSIONID in tomcat 6.0.35
Date Mon, 16 Jan 2012 12:45:36 GMT

I seem to have found a problem in tomcat 6.0.35 that did not exist in 6.0.32 or prior to that
version that I would like to know if I should file as a bug or if it exists a solution to
it (it seems to be a coding bug but just in case, I run tomcat on a MAC).

The problem occurs when sending a POST request which contains a JSESSIONID (for example going
directly to a page containing a login module and trying to get access by logging in).  In
tomcat 6.0.32 and prior the JSESSIONID was removed from the requestURL by the method parseSessionId
in the class org.apache.catalina.connector.CoyoteAdapter  (which was called by method  postParseRequest).
In tomcat 6.0.35 I can see that the method parseSessionId  has been rewritten and deprecated
(@deprecated Not used since 6.0.30) , but the checkin version is wrong since it was still
in use in tomcat 6.0.32. 

Now to my problem/question. Is it just a bug that the method parseSessionId is no longer called
by the method postParseRequest or how/where should the JSESSIONID be removed from the requestURL?
Or could it be on purpose that the JSESSIONID no longer is removed from the requestURL?

I would really appreciate if anybody could come with information regarding if this is a bug
or a new expected behavior.  

Kind Regards,

Daniel Pyykkö
Software Developer
Senselogic AB
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message