You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2007/01/23 10:06:22 UTC
DO NOT REPLY [Bug 41439] New: - JK 1.2.20 in IIS does not remove ";jsessionid=..." from unmapped requests
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41439>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41439
Summary: JK 1.2.20 in IIS does not remove ";jsessionid=..." from
unmapped requests
Product: Tomcat 5
Version: 5.0.28
Platform: PC
OS/Version: Windows Server 2003
Status: NEW
Severity: normal
Priority: P2
Component: Native:JK
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: bjoern@syltonline.de
We run jk 1.2.20 on IIS6 on win2k3. Tomcat 5.0.28 on different machines. Some
of our applications produce image-links containing the JK-Session information.
Example:
<li><a
href="/shoppingcc/common/boundary/login.do;jsessionid=D5E2FE08F02400159DFD62311
1F98FEE.p-ng-ptom2"><img
src="/shoppingcc/img/btn_nav_main_login.gif;jsessionid=D5E2FE08F02400159DFD6231
11F98FEE.p-ng-ptom2" height="25" width="145" alt="Login"></a></li>
We are not exactly sure why, but not all applications do. We konw that on the
first call jk adds the information to all links in case the browser does not
support cookies to store the info. But why in image tags?
Anyway, on jk2.0.4, these pictures were displayed ok, so JK2 must have removed
the ";jksession=..." part from the URL of the images. Even though images are
not mapped and served from the iis directly.
Now, in the new 1.2.20 (maybe earlier versions too), the JK recognizes the
token ";jksessionid" ans states in the log that it removed that part of the
URL (tracelog):
--------------------------
[Mon Jan 22 18:20:18 2007] [4992:4356] [debug] jk_isapi_plugin.c (801): Filter
started
[Mon Jan 22 18:20:18 2007] [4992:4356] [debug] jk_isapi_plugin.c (868):
Virtual Host redirection
of /callcenter.premiereshop.de:3126/shoppingcc/img/logo_premiereshop.gif;jsessi
onid=23EE66145F266B442E5444F475F12C84.p-hh-ptom
[Mon Jan 22 18:20:18 2007] [4992:4356] [trace] jk_uri_worker_map.c (542): enter
[Mon Jan 22 18:20:18 2007] [4992:4356] [debug] jk_uri_worker_map.c (569):
Removing Session path ';jsessionid=23EE66145F266B442E5444F475F12C84.p-hh-ptom'
URI '/callcenter.premiereshop.de:3126/shoppingcc/img/logo_premiereshop.gif'
[Mon Jan 22 18:20:18 2007] [4992:4356] [debug] jk_uri_worker_map.c (575):
Attempting to map
URI '/callcenter.premiereshop.de:3126/shoppingcc/img/logo_premiereshop.gif;jses
sionid=23EE66145F266B442E5444F475F12C84.p-hh-ptom' from 246 maps
[Mon Jan 22 18:20:18 2007] [4992:4356] [debug] jk_uri_worker_map.c (587):
Attempting to map context
URI '/n1.tc.haendler.premierefernsehen.de*/abcc/vertraege/*.pdf=p-ng-ptom1'
source 'uriworkermap'
---------------------
...but the pictures are not displayed. in the IIS-Log you can see why:
---------------------
#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Date: 2007-01-22 17:20:13
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip cs-
version cs(User-Agent) cs(Referer) sc-status sc-bytes time-taken
2007-01-22 17:20:13
GET /shoppingcc/img/logo_premiereshop.gif;jsessionid=23EE66145F266B442E5444F475
F12C84.p-hh-ptom - - 172.17.67.35 HTTP/1.1 Mozilla/4.0+
(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET
+CLR+2.0.50727) - 401 1860 109
2007-01-22 17:20:18
GET /shoppingcc/img/logo_premiereshop.gif;jsessionid=23EE66145F266B442E5444F475
F12C84.p-hh-ptom - adpw\admande40 172.17.67.35 HTTP/1.1 Mozilla/4.0+
(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET
+CLR+2.0.50727) - 404 1795 15
2007-01-22 17:20:20
GET /shoppingcc/img/logo_premiereshop.gif;jsessionid=23EE66145F266B442E5444F475
F12C84.p-hh-ptom - adpw\admande40 172.17.67.35 HTTP/1.1 Mozilla/4.0+
(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+1.1.4322;+InfoPath.1;+.NET
+CLR+2.0.50727) - 404 1795 15
---------------------
There is still the ";jksession=..." in the requested URL.
All this resulting in the pictures of some applications are not beeing
displayed on the first call of the webpage. After that, normaly the session
data kicks in and the sessions tags are not added any more to the images.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 41439] - JK 1.2.20 in IIS does not remove ";jsessionid=..." from unmapped requests
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41439>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41439
------- Additional Comments From bjoern@syltonline.de 2007-01-23 09:19 -------
Additional info:
I checked with our developers. The URL suffix is generated in tomcats struts
framework as soon as a session is initiated. Normally, this problem is covered
by the cookies ability of most browsers. The first call to a page is normally
a forward page, frameset, sessionless or has no pictures (like machine
interfaces).
That explains why picture sources have a jsessionid and why that rarely leads
to noticable flaws. But it doesn't cure the JK1-problem.
Please fix this soon. Thanks.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 41439] - JK 1.2.20 in IIS does not remove ";jsessionid=..." from unmapped requests
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41439>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41439
rainer.jung@kippdata.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
------- Additional Comments From rainer.jung@kippdata.de 2008-01-01 16:32 -------
Move a couple of fixed JK issues from resolved to closed.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 41439] - JK 1.2.20 in IIS does not remove ";jsessionid=..." from unmapped requests
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41439>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41439
------- Additional Comments From bruno.haleblian@free.fr 2007-03-30 02:56 -------
(In reply to comment #2)
> Although one doesn't have to use the struts tags, if one needs static content
> URLs, I still like the idea of being able to strip the suffixes. That way one
> will be able to seperate static from dynamic content during deployment time and
> developers can still stay on the safe side by encoding all URLs.
>
> I added a new property strip_session, which can be set in the registry or the
> proerties file (see docs) to a boolean value (see docs). Default is "false",
> i.e. suffixes of the form ";jsessionid=..." will *not* be stripped. By turing
> strip_session to true, they will be stripped, if the request doesn't get
> forwarded to tomcat.
>
> We still need to port this to Apache und Sun Web Server though ...
>
> This will be part of version 1.2.21.
>
Will this apply to jkunmount hrefs as well as outer hrefs?
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
DO NOT REPLY [Bug 41439] - JK 1.2.20 in IIS does not remove ";jsessionid=..." from unmapped requests
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41439>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41439
rainer.jung@kippdata.de changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From rainer.jung@kippdata.de 2007-01-28 12:07 -------
Although one doesn't have to use the struts tags, if one needs static content
URLs, I still like the idea of being able to strip the suffixes. That way one
will be able to seperate static from dynamic content during deployment time and
developers can still stay on the safe side by encoding all URLs.
I added a new property strip_session, which can be set in the registry or the
proerties file (see docs) to a boolean value (see docs). Default is "false",
i.e. suffixes of the form ";jsessionid=..." will *not* be stripped. By turing
strip_session to true, they will be stripped, if the request doesn't get
forwarded to tomcat.
We still need to port this to Apache und Sun Web Server though ...
This will be part of version 1.2.21.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org