tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Glunde <>
Subject Re: 3.2 beta status update
Date Tue, 04 Jul 2000 08:14:14 GMT
Hello Anders,

I have already shared this code in the mailing lists of tomcat. But what do you
mean with all the time.
This Interceptor works without cookies, but not with a client disabling the
cookies within a session.

But indeed you have just to ensure, that with and without the cookies there is
the sessionid in the URL. For this you have to change the code for encodeURL in
HttpServletResponseFacade() to put it always at the end of the url.

Hope this helps,

Torsten Glunde

Anders Janmyr schrieb:

> Hello Torsten,
> Am I correct to understand that you have a working Interceptor that allows
> you to use URL rewrite with sessions all the time.
> If so are you willing to share the code? I am very interested in this
> functionality and since it does not work correctly in Tomcat at the moment I
> would appreciate it.
> Regards
> Anders Janmyr
> -----Original Message-----
> From: Torsten Glunde []
> Sent: den 3 juli 2000 01:12
> To:
> Subject: Re: 3.2 beta status update
> Hi,
> >1) URL rewriting seems to be broken again,
> For this question I wrote the following some times ago, but without any
> answers, perhaps it would help.
> I have two points you may want to consider within Tomcat 3.2 release.
> To have Session Tracking work without cookies I went into two problems
> with the
> source download from 6th June 2000.
> 1. Request Interceptor.
> In the RequestInterceptor I found the code to get the sessionid from a
> cookie.
> But nowhere it would be read from url. I wrote my own Interceptor,
> which looks it up from url if the cookie fails. Is this implemented
> somewhere else, or do I need it? In our configuration Session tracking
> won't work
> without my own Interceptor.
> 2. encodeURL/encoderedirectURL
> in the HttpServletResponseFacade class in the isEncodeable member on our
> internal
> testing web server the url.getPort() method returns the port as not
> available. So
> I added url.getPort()!=-1 to avoid the encodeURL method failing when the
> serverport is not available from the url.May this give security leak?
> Torsten Glunde
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

View raw message