tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Path parameters and getRequestURI
Date Wed, 08 Feb 2012 20:35:14 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

All,

There was a change in 6.0.33 (and it has always been the case in
7.0.x?) that HttpServletRequest.getRequestURI now returns path
parameters as part of the URI. That notably includes the URL-encoded
jsessionid that Tomcat uses when the availability of cookies on the
client is set to be determined.

I have a Filter that checks to see if the user is accessing a
particular set of predefined pages and redirects them if they don't
hit any of them.

Needless to say, without any changes to my code, anyone who hits this
filter who either has cookies disabled or is in the middle of an
authentication ritual that redirects to the original page is going to
have a problem.

Is it safe to simply remove everything after the initial ";" if I'm
not interested in any path parameters? I don't want to just trim-off
that kind of thing blindly if there are any gotchas that I should be
aware of.

Can anyone think of a reason I can't just do that?

Thanks,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8y3IIACgkQ9CaO5/Lv0PDjVgCfWtDEaSmK1ctLtYs9hZknXrPM
EiMAn0y4getXGjQAMTa8dGCH6uYJfWnS
=YI6Y
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message