You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by ra...@wonko.inow.com on 2001/10/07 21:34:31 UTC
Tomcat - encodeURL does not encode https links on an HTTP request
OR any links on an HTTPS request
Hello,
I am running Apache 1.3.20 (w/ open ssl),
JDK 1.3, J2EE1.2.1 and Tomcat 3.2.3.
Session management works great with cookies, both
across HTTP and HTTPS. However, as soon as I turn
cookies off, and use URL rewriting instead... URL
rewriting ceases to work for HTTPS links (but still
works fine on HTTP links) when I view the page under
HTTP. Also, NOTHING is URL rewritten when the request
was under HTTPS.
I created a test page that displays
request.getRequestedSessionId(),
request.isRequestedSessionIdFromURL() and
request.isRequestedSessionIdValid(). After clicking
on a link on this test page that is a URL encoded
link back to itself, I have an appended ;jsessionid on
my HTTP request. All URL encoded HTTP links ARE URL
encoded with the same session id, BUT none of the same
(but in HTTPS) links are. getRequestedSessionId()
shows the correct session id,
isRequestedSessionIdFromURL() shows True, and
isRequestedSessionIdValid() is True.
Now, when I manually change the URL (WITH appended
session ID) to HTTPS, NONE of the links are URL Encoded
(http OR https). However, getRequestedSessionId() STILL
shows the correct session id,
isRequestedSessionIdFromURL() STILL shows True, and
isRequestedSessionIdValid() STILL is True.
So I seem to be having two problems. #1) REGARDLESS of
protocol, HTTPS links are NEVER URL Encoded. #2) Though
HTTP links ARE URL Encoded when my request is in HTTP,
they ARE NOT URL Encoded when my request is in HTTPS.
Can someone shed some light on what is going on here? I
know (because of displaying getRequestedSessionId(),
isRequestedSessionIdFromURL() and
isRequestedSessionIDValid()) that my JSP page is getting
all of the session information back, but it seems as if
Tomcat doesn't know how to URL Encode properly for HTTPS
links OR HTTPS requests.
Thanks in advance!!
Raiden Johnson
p.s. I just upgraded to Tomcat 3.2.3, because I was having
the same problem in 3.2.2