You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Matthias Bauer <Ma...@livinglogic.de> on 2001/02/22 13:40:03 UTC
Request for change: RequestUtil.absoluteURL()
To all active developers.
I would like to see a minor change (bugfix) in struts, which fixes the problem
outlined in a previous mail from Gordon Maclean, subjected "netscape 4.7x,
session ids and struts". I attached it to the end of this mail because it
describes the problem very good.
I ran into the same problem this morning and finally found a workaround. I would
like to see this change in struts before it is released as official version 1.0.
It simply prevents the function RequestUtil.absoluteURL() from including the
port number into the URL, when the port number is equal to 80.
Unfortunately I do not have a (and don't want to open one now) Bugzilla account.
Nevertheless I would like to ask an active developer to implement this change. I
am quite sure, that considerably many developers have already stumbled over this
problem outlined int Gordon's mail.
Here is the little change in the code (RequestUtils.java):
Former code:
> public static String absoluteURL(HttpServletRequest request, String path) {
>
> try {
> URL url = new URL(request.getScheme(),
> request.getServerName(),
> request.getServerPort(),
> request.getContextPath() + path);
> return (url.toString());
> } catch (MalformedURLException e) {
> return (null);
> }
>
> }
New code:
> public static String absoluteURL(HttpServletRequest request, String path) {
>
> try {
> int port = request.getServerPort();
> URL url;
> if (80 == port)
> {
> url = new URL(request.getScheme(),
> request.getServerName(),
> request.getContextPath() + path);
> }
> else
> {
> url = new URL(request.getScheme(),
> request.getServerName(),
> port,
> request.getContextPath() + path);
> }
> return (url.toString());
> } catch (MalformedURLException e) {
> return (null);
> }
>
> }
Thanks,
--- Matthias
Matthias Bauer +++ mba@livinglogic.de +++ LivingLogic AG +++ www.livinglogic.de
Gordon's Previous Mail with the bug description:
================================================
> Using netscape 4.7x on either solaris, linux or windows, the
> struts-example fails, because I am bounced between two different
> sessions.
>
> The symptom indicates to me that netscape keeps separate lists
> of cookies for the following URLs:
>
> http://myhost
> http://myhost:80
>
> As one goes through the struts example, the URL is
> sometimes displayed as myhost, and sometimes as myhost:80,
> and I am never allowed past the login because the user
> information is kept in a session associated with myhost,
> and can't be found in a session associated with myhost:80.
>
> Environment: struts nightly download as of Feb 12, 2001.
> Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.
>
> I have all cookies enabled in netscape preferences, with
> "Warn before accepting a cookie" also turned on for debugging.
>
> 1. When I try the struts-example with the following URL:
>
> http://myhost/struts-example
>
> Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1,
> and I click OK.
>
> 2. I select the "Log on ..." link. Then the logon form is displayed at
> a
> URL of
> http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1
>
> Note the cookie in the URL because struts doesn't yet know if my browser
> accepts cookies. Also note the port number 80 in the URL.
>
> 3. I enter user:pass and Submit.
>
> LogonAction logs the following message:
>
> 2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction:
> User 'user' logged on in session f78s0eymd1
>
>
> The mainMenu.jsp page is displayed, with a URL:
>
> http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1
>
> (note no port number is in the URL)
>
> 4. Then, when I select "Edit your" the netscape question box pops up
> asking if I want to send a cookie JSESSIONID=ynsmafyqr1.
> The URL is shown as
> http://myhost:80/struts-example/editRegistration.do?action=Edit
>
> This shouldn't happen, it should use the first session id!
>
> 5. When I click on OK, then, EditRegistrationAction logs the following
> error:
>
> 2001-02-15 02:00:55 - path="/struts-example" :action: User is not
> logged on in session ynsmafyqr1
>
>
> The logon.jsp form is again displayed. If I enter user:pass, then
> LogonAction reports a successfull login in session f78s0eymd1
> (the first session id again!)
>
> When I select "Edit ..." I get the same error from
> EditRegistrationAction about "User is not logged on in session
> ynsmafyqr1".
> And so on, ad-infinitum.
>
> If I disable cookies in netscape preferences, then things
> work with URL rewriting, and EditRegistrationAction forwards me to
> registration.jsp.
>
> The problem also does not show up with IE 5.
>
> Also, at step 4, if I manually enter a URL of:
> http://myhost/struts-example/editRegistration.do?action=Edit
> then EditRegistrationAction succeeds and forwards to registration.jsp.
>
>
> If I am right about netscape keeping separate cookie lists, then perhaps
> a workaround is for struts (specifically the html taglib) not to add
> the port number when generating URLs?
>
> I haven't tested this solution.
>
> Someone must have run into it also?
>
> Gordon Maclean
>
> --
> *****************************************************
> Gordon Maclean, Software Engineer, 303 497-8794
> Nat'l Center for Atmospheric Research, Boulder CO USA
> *****************************************************
[RE] Requests for changes/enhancements/bugfixes
Posted by Elod Horvath <el...@itfais.com>.
Matthias Bauer wrote:
>
> Hi all,
>
> I sent this message out to the struts-user list on 02/22/01, but did not hear
> any response since then. But as it hits a point which I would really like to see
> changed, I am resending it to this list now hoping to get at least some feedback
> which says why obviously nobody is interested in doing this little bugfix. I can
> not imagine that nobody except me is running into this problem - well no: I know
> from the struts-user list that obviously some other people had to fight this
> strange behaviour.
>
> So please give at least some feedback.
>
> Thanks,
>
> --- Matthias
>
<rest of message snipped/>
it's best to submit bug reports and feature requests to bugzilla at
<
http://nagoya.apache.org/bugzilla/
>
where they won't be forgotten or lost in the melee. of course,
they can be posted to the list as well in hopes of discussions, etc.
i seem to recall there being some other issues with including port
numbers in generated URLs and i seem to recall a fix being applied
in CVS (but i don't know if it's exactly for the problem you outline).
e
--
_______________________________________________________________________
Elod Horvath ('e') / ITFAIS Records (http://www.itfais.com/)
Re: Request for change: RequestUtil.absoluteURL()
Posted by Matthias Bauer <Ma...@livinglogic.de>.
Hi all,
I sent this message out to the struts-user list on 02/22/01, but did not hear
any response since then. But as it hits a point which I would really like to see
changed, I am resending it to this list now hoping to get at least some feedback
which says why obviously nobody is interested in doing this little bugfix. I can
not imagine that nobody except me is running into this problem - well no: I know
from the struts-user list that obviously some other people had to fight this
strange behaviour.
So please give at least some feedback.
Thanks,
--- Matthias
Matthias Bauer wrote:
>
> To all active developers.
>
> I would like to see a minor change (bugfix) in struts, which fixes the problem
> outlined in a previous mail from Gordon Maclean, subjected "netscape 4.7x,
> session ids and struts". I attached it to the end of this mail because it
> describes the problem very good.
>
> I ran into the same problem this morning and finally found a workaround. I would
> like to see this change in struts before it is released as official version 1.0.
> It simply prevents the function RequestUtil.absoluteURL() from including the
> port number into the URL, when the port number is equal to 80.
>
> Unfortunately I do not have a (and don't want to open one now) Bugzilla account.
> Nevertheless I would like to ask an active developer to implement this change. I
> am quite sure, that considerably many developers have already stumbled over this
> problem outlined int Gordon's mail.
>
> Here is the little change in the code (RequestUtils.java):
>
> Former code:
>
> > public static String absoluteURL(HttpServletRequest request, String path) {
> >
> > try {
> > URL url = new URL(request.getScheme(),
> > request.getServerName(),
> > request.getServerPort(),
> > request.getContextPath() + path);
> > return (url.toString());
> > } catch (MalformedURLException e) {
> > return (null);
> > }
> >
> > }
>
> New code:
>
> > public static String absoluteURL(HttpServletRequest request, String path) {
> >
> > try {
> > int port = request.getServerPort();
> > URL url;
> > if (80 == port)
> > {
> > url = new URL(request.getScheme(),
> > request.getServerName(),
> > request.getContextPath() + path);
> > }
> > else
> > {
> > url = new URL(request.getScheme(),
> > request.getServerName(),
> > port,
> > request.getContextPath() + path);
> > }
> > return (url.toString());
> > } catch (MalformedURLException e) {
> > return (null);
> > }
> >
> > }
>
> Thanks,
>
> --- Matthias
>
> Matthias Bauer +++ mba@livinglogic.de +++ LivingLogic AG +++ www.livinglogic.de
>
> Gordon's Previous Mail with the bug description:
> ================================================
>
> > Using netscape 4.7x on either solaris, linux or windows, the
> > struts-example fails, because I am bounced between two different
> > sessions.
> >
> > The symptom indicates to me that netscape keeps separate lists
> > of cookies for the following URLs:
> >
> > http://myhost
> > http://myhost:80
> >
> > As one goes through the struts example, the URL is
> > sometimes displayed as myhost, and sometimes as myhost:80,
> > and I am never allowed past the login because the user
> > information is kept in a session associated with myhost,
> > and can't be found in a session associated with myhost:80.
> >
> > Environment: struts nightly download as of Feb 12, 2001.
> > Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.
> >
> > I have all cookies enabled in netscape preferences, with
> > "Warn before accepting a cookie" also turned on for debugging.
> >
> > 1. When I try the struts-example with the following URL:
> >
> > http://myhost/struts-example
> >
> > Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1,
> > and I click OK.
> >
> > 2. I select the "Log on ..." link. Then the logon form is displayed at
> > a
> > URL of
> > http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1
> >
> > Note the cookie in the URL because struts doesn't yet know if my browser
> > accepts cookies. Also note the port number 80 in the URL.
> >
> > 3. I enter user:pass and Submit.
> >
> > LogonAction logs the following message:
> >
> > 2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction:
> > User 'user' logged on in session f78s0eymd1
> >
> >
> > The mainMenu.jsp page is displayed, with a URL:
> >
> > http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1
> >
> > (note no port number is in the URL)
> >
> > 4. Then, when I select "Edit your" the netscape question box pops up
> > asking if I want to send a cookie JSESSIONID=ynsmafyqr1.
> > The URL is shown as
> > http://myhost:80/struts-example/editRegistration.do?action=Edit
> >
> > This shouldn't happen, it should use the first session id!
> >
> > 5. When I click on OK, then, EditRegistrationAction logs the following
> > error:
> >
> > 2001-02-15 02:00:55 - path="/struts-example" :action: User is not
> > logged on in session ynsmafyqr1
> >
> >
> > The logon.jsp form is again displayed. If I enter user:pass, then
> > LogonAction reports a successfull login in session f78s0eymd1
> > (the first session id again!)
> >
> > When I select "Edit ..." I get the same error from
> > EditRegistrationAction about "User is not logged on in session
> > ynsmafyqr1".
> > And so on, ad-infinitum.
> >
> > If I disable cookies in netscape preferences, then things
> > work with URL rewriting, and EditRegistrationAction forwards me to
> > registration.jsp.
> >
> > The problem also does not show up with IE 5.
> >
> > Also, at step 4, if I manually enter a URL of:
> > http://myhost/struts-example/editRegistration.do?action=Edit
> > then EditRegistrationAction succeeds and forwards to registration.jsp.
> >
> >
> > If I am right about netscape keeping separate cookie lists, then perhaps
> > a workaround is for struts (specifically the html taglib) not to add
> > the port number when generating URLs?
> >
> > I haven't tested this solution.
> >
> > Someone must have run into it also?
> >
> > Gordon Maclean
> >
> > --
> > *****************************************************
> > Gordon Maclean, Software Engineer, 303 497-8794
> > Nat'l Center for Atmospheric Research, Boulder CO USA
> > *****************************************************