You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by Thomas Riemer <to...@58k.com> on 2001/08/03 21:34:50 UTC

response.encodeURL

I've run into what I think is a bug on HttpServletResponse.encodeURL.

I've setup tomcat so that it turns OFF cookies.

And I have my login working nicely with jsessionid, etc.

Here's the problem:

I am trying to pass a parameter to my url using a get post.

<A HREF="<% 
response.encodeURL("/customer/secure/cgi-person.jsp?custid=1") 
%>Customer 1</A>

What is returned to the browser is:
<A 
HREF="/customer/secure/cgi-person.jsp;jsessionid=8hvj345x?custid=1">Customer 
1</A>


This seems wrong to me!!!
In my brain, I am expecting:
<A 
HREF="/customer/secure/cgi-person.jsp?custid=1;jsessionid=8hvj345x">Customer 
1</A>

(In other words, sessionid tacked onto the end of the url)
The server does not know how to handle this URL correctly.

I'm using tomcat 3.3 m4

Am I simply missing a concept?  My guess is that this problem has not 
showed up because no
one has tried to use session handling with GET posts without cookies 
turned on.

Anyone have any comments/fixes on this?   Does anyone know if this has 
been fixed in a later release?

-Tom

RE: response.encodeURL

Posted by Marc Saegesser <ma...@apropos.com>.

The URL you're seeing with the query string after the session id is correct.
This works fine in Tomcat 3.2.x and should also work in 3.3.


Marc Saegesser

> -----Original Message-----
> From: Thomas Riemer [mailto:tom@58k.com]
> Sent: Friday, August 03, 2001 2:35 PM
> To: tomcat-dev@jakarta.apache.org
> Subject: response.encodeURL
>
>
> I've run into what I think is a bug on HttpServletResponse.encodeURL.
>
> I've setup tomcat so that it turns OFF cookies.
>
> And I have my login working nicely with jsessionid, etc.
>
> Here's the problem:
>
> I am trying to pass a parameter to my url using a get post.
>
> <A HREF="<%
> response.encodeURL("/customer/secure/cgi-person.jsp?custid=1")
> %>Customer 1</A>
>
> What is returned to the browser is:
> <A
> HREF="/customer/secure/cgi-person.jsp;jsessionid=8hvj345x?custid=1
> ">Customer
> 1</A>
>
>
> This seems wrong to me!!!
> In my brain, I am expecting:
> <A
> HREF="/customer/secure/cgi-person.jsp?custid=1;jsessionid=8hvj345x
> ">Customer
> 1</A>
>
> (In other words, sessionid tacked onto the end of the url)
> The server does not know how to handle this URL correctly.
>
> I'm using tomcat 3.3 m4
>
> Am I simply missing a concept?  My guess is that this problem has not
> showed up because no
> one has tried to use session handling with GET posts without cookies
> turned on.
>
> Anyone have any comments/fixes on this?   Does anyone know if this has
> been fixed in a later release?
>
> -Tom
>
>
>
>