You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@struts.apache.org by bu...@apache.org on 2003/02/28 16:44:56 UTC

DO NOT REPLY [Bug 17530] New: - RequestUtils.computeURL should use the session associated with the request to control URL rewriting

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17530>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17530

RequestUtils.computeURL should use the session associated with the request to control URL rewriting

           Summary: RequestUtils.computeURL should use the session
                    associated with the request to control URL rewriting
           Product: Struts
           Version: Nightly Build
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Utilities
        AssignedTo: struts-dev@jakarta.apache.org
        ReportedBy: kris@dotech.com
                CC: kris@dotech.com


The RequestUtils.computeURL method uses the existence of a session associated
with the current page context to determine if URL rewriting should occur. Since
it's possible for pageContext.getSession() to return null when
((HttpServletRequest)pageContext.getRequest()).getSession(false) returns a valid
session, it seems like the method could fail to rewrite when it should. The
situation can occur when a JSP page uses <%@ page session="false" %> but a valid
session actually exists.

I can't create a patch right now, bit I will later if it's not already
addressed. Here's the current state:

RequestUtils.computeURL / Revision: 1.90 / Line 550

// Perform URL rewriting to include our session ID (if any)
if (pageContext.getSession() != null) {
  HttpServletResponse response =
                               (HttpServletResponse) pageContext.getResponse();
  if (redirect) {
    return (response.encodeRedirectURL(url.toString()));
  } else {
    return (response.encodeURL(url.toString()));
  }
} else {
  return (url.toString());
}

Proposed change:

// Perform URL rewriting to include our session ID (if any)
if (request.getSession(false) != null) {
  HttpServletResponse response =
                               (HttpServletResponse) pageContext.getResponse();
  if (redirect) {
    return (response.encodeRedirectURL(url.toString()));
  } else {
    return (response.encodeURL(url.toString()));
  }
} else {
  return (url.toString());
}

---------------------------------------------------------------------
To unsubscribe, e-mail: struts-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-dev-help@jakarta.apache.org