Tomcat 6.0.33 trailing slash redirect looses jsessionid attribute

[Frank Sommer <fs...@googlemail.com>]

Hello,

I'm using URL rewriting and recently upgraded my tomcat version from 6.0.32 to 6.0.33. I figured out that since 6.0.33 the jsessionid attribute is omitted in the Location header when Tomcat forces a trailing slash redirect e.g. from /mypath to /mypath/.
The effect is that the session information is lost after the redirect.

This pretty looks like the same as an old bug 'Bug 34749' (https://issues.apache.org/bugzilla/show_bug.cgi?id=34749) in Tomcat 5. 

I also noticed that since 6.0.33 the jsessionid attribute is present in the request URI now. Maybe this change caused the different behaviour regarding the redirect. 

Does anybody run into the same trouble and would you recommend to create a bug report respectively?

Kind Regards,
Frank


Sample requests using curl:

##############
Tomcat 6.0.33 (the same with > 6.0.33)
without trailing slash -- Location Header does no longer contain the jsessionid. 
##############
curl -Lv "http://localhost:8080/jsessionid-issue;jsessionid=B6F1C24E3F4CEDEDC74B8258B2603C3D?p1=1"
* About to connect() to localhost port 8080 (#0)
*   Trying ::1...
* connected
* Connected to localhost (::1) port 8080 (#0)
> GET /jsessionid-issue;jsessionid=B6F1C24E3F4CEDEDC74B8258B2603C3D?p1=1 HTTP/1.1
> User-Agent: curl/7.28.0
> Host: localhost:8080
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
< Server: Apache-Coyote/1.1
< Location: http://localhost:8080/jsessionid-issue/?p1=1
< Transfer-Encoding: chunked
< Date: Fri, 12 Jul 2013 09:04:56 GMT
< 
* Ignoring the response-body
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:8080/jsessionid-issue/?p1=1'
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (::1) port 8080 (#0)
> GET /jsessionid-issue/?p1=1 HTTP/1.1
> User-Agent: curl/7.28.0
> Host: localhost:8080
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Content-Type: text/html;charset=utf-8
< Content-Length: 189
< Date: Fri, 12 Jul 2013 09:04:56 GMT
< 

<html>
<body>
http session is null
getRequestURI: /jsessionid-issue/
getRequestedSessionId: null
isRequestedSessionIdFromURL: false
isRequestedSessionIdValid: false
</body>
</html>
* Connection #0 to host localhost left intact
* Closing connection #0
##############


##############
Tomcat 6.0.33
with trailing slash -- no 302 redirect; jsessionid is taken into account; everything is fine
##############
curl -Lv "http://localhost:8080/jsessionid-issue/;jsessionid=B6F1C24E3F4CEDEDC74B8258B2603C3D?p1=1"
* About to connect() to localhost port 8080 (#0)
*   Trying ::1...
* connected
* Connected to localhost (::1) port 8080 (#0)
> GET /jsessionid-issue/;jsessionid=B6F1C24E3F4CEDEDC74B8258B2603C3D?p1=1 HTTP/1.1
> User-Agent: curl/7.28.0
> Host: localhost:8080
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Content-Type: text/html;charset=utf-8
< Content-Length: 285
< Date: Fri, 12 Jul 2013 09:06:55 GMT
< 

<html>
<body>
http session: B6F1C24E3F4CEDEDC74B8258B2603C3D
getRequestURI: /jsessionid-issue/;jsessionid=B6F1C24E3F4CEDEDC74B8258B2603C3D
getRequestedSessionId: B6F1C24E3F4CEDEDC74B8258B2603C3D
isRequestedSessionIdFromURL: true
isRequestedSessionIdValid: true
</body>
</html>
* Connection #0 to host localhost left intact
* Closing connection #0
##############



##############
Tomcat 6.0.32
without trailing slash -- Location Header is fine. 
##############
curl -Lv "http://localhost:8080/jsessionid-issue;jsessionid=A91B10DC0B528E311CF35C877B79D144?p1=1"
* About to connect() to localhost port 8080 (#0)
*   Trying ::1...
* connected
* Connected to localhost (::1) port 8080 (#0)
> GET /jsessionid-issue;jsessionid=A91B10DC0B528E311CF35C877B79D144?p1=1 HTTP/1.1
> User-Agent: curl/7.28.0
> Host: localhost:8080
> Accept: */*
> 
< HTTP/1.1 302 Moved Temporarily
< Server: Apache-Coyote/1.1
< Location: http://localhost:8080/jsessionid-issue/;jsessionid=A91B10DC0B528E311CF35C877B79D144?p1=1
< Transfer-Encoding: chunked
< Date: Fri, 12 Jul 2013 09:01:21 GMT
< 
* Ignoring the response-body
* Connection #0 to host localhost left intact
* Issue another request to this URL: 'http://localhost:8080/jsessionid-issue/;jsessionid=A91B10DC0B528E311CF35C877B79D144?p1=1'
* Re-using existing connection! (#0) with host localhost
* Connected to localhost (::1) port 8080 (#0)
> GET /jsessionid-issue/;jsessionid=A91B10DC0B528E311CF35C877B79D144?p1=1 HTTP/1.1
> User-Agent: curl/7.28.0
> Host: localhost:8080
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Content-Type: text/html;charset=utf-8
< Content-Length: 241
< Date: Fri, 12 Jul 2013 09:01:21 GMT
< 

<html>
<body>
http session: A91B10DC0B528E311CF35C877B79D144
getRequestURI: /jsessionid-issue/
getRequestedSessionId: A91B10DC0B528E311CF35C877B79D144
isRequestedSessionIdFromURL: true
isRequestedSessionIdValid: true
</body>
</html>
* Connection #0 to host localhost left intact
* Closing connection #0
##############


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat 6.0.33 trailing slash redirect looses jsessionid attribute

[Frank Sommer <fs...@googlemail.com>]

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Frank,
> 
> On 7/12/13 5:52 AM, Frank Sommer wrote:
>> Hello,
>> 
>> I'm using URL rewriting and recently upgraded my tomcat version
>> from 6.0.32 to 6.0.33. I figured out that since 6.0.33 the
>> jsessionid attribute is omitted in the Location header when Tomcat
>> forces a trailing slash redirect e.g. from /mypath to /mypath/. The
>> effect is that the session information is lost after the redirect.
>> 
>> This pretty looks like the same as an old bug 'Bug 34749'
>> (https://issues.apache.org/bugzilla/show_bug.cgi?id=34749) in
>> Tomcat 5.
>> 
>> I also noticed that since 6.0.33 the jsessionid attribute is
>> present in the request URI now. Maybe this change caused the
>> different behaviour regarding the redirect.
>> 
>> Does anybody run into the same trouble and would you recommend to
>> create a bug report respectively?
> 
> Can you try with Tomcat 6.0.37? If it's still happening, please log a
> bug report in Bugzilla: https://tomcat.apache.org/bugreport.html
> 
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
> 
> iQIcBAEBCAAGBQJR4Ad+AAoJEBzwKT+lPKRYmJoQAILxNBI43hz0czdRz+nwSXOA
> NtPW3Z0nCKZPLGZEpbkVB9UJLjkmMDLQ9SyNXNaKlwPjLdfF6WhjJuu4FgIWTtFt
> rwmuG7x1lyJpMLqvpfO0GaSEBY+HPkVwdvYcVXp+CfZfMALbjYxG8NZsDNgsgfWV
> +jLvacI2XJL6umKvMFSdQMWfsJlVceZrqJr1CgX5dAGqhtV2CeQB181KX9mgwdiu
> HLtnC1RPKRX1sFvVmPfZ72i+vEewqMelJUaVgkAXD45EXikAzhnRZv20c2oJ2vL0
> bUJX6HEo4e6YNsAcziZccp+yezN3rxW8fq7Ipku9nIkD8iirLC/mKRkDM4NedFgu
> oTbtNIqy3LowfZxfGdtLnNPRg6a2T/PG+dMU1Gd2UhpQL7Kr9qAhsgRL9dlXDI1w
> 5sV+cgIm2drufLkq1uODVaJdqWEi5RNBePaQ2MPqi6vXAjQnhpcJvgPKl3Tv7Jxg
> qUzwVDxn5x1JO8hhHJaeHU7tRkW1oVUy1YyBAAYT6AdYUsfw8f4u0KjexiOGGMbf
> 8YXIixZCX16RDqY9DTzTFjxogE343qXPWuVoHT91sudZM1prZvTJMQjtx6hNKiF1
> yA4mtcwhGDTMaJHu1T8gqWB4pTAvuYTuLl4wuY8ty6iwQoPgkyeffaqh0EfBWpUl
> fJsBlc8eh/naTmDWRQtO
> =ffQV
> -----END PGP SIGNATURE-----
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 

Yes, the same with all versions > 6.0.32. I created a bug report https://issues.apache.org/bugzilla/show_bug.cgi?id=55266


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org

Re: Tomcat 6.0.33 trailing slash redirect looses jsessionid attribute

[Christopher Schultz <ch...@christopherschultz.net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Frank,

On 7/12/13 5:52 AM, Frank Sommer wrote:
> Hello,
> 
> I'm using URL rewriting and recently upgraded my tomcat version
> from 6.0.32 to 6.0.33. I figured out that since 6.0.33 the
> jsessionid attribute is omitted in the Location header when Tomcat
> forces a trailing slash redirect e.g. from /mypath to /mypath/. The
> effect is that the session information is lost after the redirect.
> 
> This pretty looks like the same as an old bug 'Bug 34749'
> (https://issues.apache.org/bugzilla/show_bug.cgi?id=34749) in
> Tomcat 5.
> 
> I also noticed that since 6.0.33 the jsessionid attribute is
> present in the request URI now. Maybe this change caused the
> different behaviour regarding the redirect.
> 
> Does anybody run into the same trouble and would you recommend to
> create a bug report respectively?

Can you try with Tomcat 6.0.37? If it's still happening, please log a
bug report in Bugzilla: https://tomcat.apache.org/bugreport.html

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR4Ad+AAoJEBzwKT+lPKRYmJoQAILxNBI43hz0czdRz+nwSXOA
NtPW3Z0nCKZPLGZEpbkVB9UJLjkmMDLQ9SyNXNaKlwPjLdfF6WhjJuu4FgIWTtFt
rwmuG7x1lyJpMLqvpfO0GaSEBY+HPkVwdvYcVXp+CfZfMALbjYxG8NZsDNgsgfWV
+jLvacI2XJL6umKvMFSdQMWfsJlVceZrqJr1CgX5dAGqhtV2CeQB181KX9mgwdiu
HLtnC1RPKRX1sFvVmPfZ72i+vEewqMelJUaVgkAXD45EXikAzhnRZv20c2oJ2vL0
bUJX6HEo4e6YNsAcziZccp+yezN3rxW8fq7Ipku9nIkD8iirLC/mKRkDM4NedFgu
oTbtNIqy3LowfZxfGdtLnNPRg6a2T/PG+dMU1Gd2UhpQL7Kr9qAhsgRL9dlXDI1w
5sV+cgIm2drufLkq1uODVaJdqWEi5RNBePaQ2MPqi6vXAjQnhpcJvgPKl3Tv7Jxg
qUzwVDxn5x1JO8hhHJaeHU7tRkW1oVUy1YyBAAYT6AdYUsfw8f4u0KjexiOGGMbf
8YXIixZCX16RDqY9DTzTFjxogE343qXPWuVoHT91sudZM1prZvTJMQjtx6hNKiF1
yA4mtcwhGDTMaJHu1T8gqWB4pTAvuYTuLl4wuY8ty6iwQoPgkyeffaqh0EfBWpUl
fJsBlc8eh/naTmDWRQtO
=ffQV
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org