You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Thomas Riemer <to...@58k.com> on 2001/08/03 21:34:50 UTC
response.encodeURL
I've run into what I think is a bug on HttpServletResponse.encodeURL.
I've setup tomcat so that it turns OFF cookies.
And I have my login working nicely with jsessionid, etc.
Here's the problem:
I am trying to pass a parameter to my url using a get post.
<A HREF="<%
response.encodeURL("/customer/secure/cgi-person.jsp?custid=1")
%>Customer 1</A>
What is returned to the browser is:
<A
HREF="/customer/secure/cgi-person.jsp;jsessionid=8hvj345x?custid=1">Customer
1</A>
This seems wrong to me!!!
In my brain, I am expecting:
<A
HREF="/customer/secure/cgi-person.jsp?custid=1;jsessionid=8hvj345x">Customer
1</A>
(In other words, sessionid tacked onto the end of the url)
The server does not know how to handle this URL correctly.
I'm using tomcat 3.3 m4
Am I simply missing a concept? My guess is that this problem has not
showed up because no
one has tried to use session handling with GET posts without cookies
turned on.
Anyone have any comments/fixes on this? Does anyone know if this has
been fixed in a later release?
-Tom
RE: response.encodeURL
Posted by Marc Saegesser <ma...@apropos.com>.
The URL you're seeing with the query string after the session id is correct.
This works fine in Tomcat 3.2.x and should also work in 3.3.
Marc Saegesser
> -----Original Message-----
> From: Thomas Riemer [mailto:tom@58k.com]
> Sent: Friday, August 03, 2001 2:35 PM
> To: tomcat-dev@jakarta.apache.org
> Subject: response.encodeURL
>
>
> I've run into what I think is a bug on HttpServletResponse.encodeURL.
>
> I've setup tomcat so that it turns OFF cookies.
>
> And I have my login working nicely with jsessionid, etc.
>
> Here's the problem:
>
> I am trying to pass a parameter to my url using a get post.
>
> <A HREF="<%
> response.encodeURL("/customer/secure/cgi-person.jsp?custid=1")
> %>Customer 1</A>
>
> What is returned to the browser is:
> <A
> HREF="/customer/secure/cgi-person.jsp;jsessionid=8hvj345x?custid=1
> ">Customer
> 1</A>
>
>
> This seems wrong to me!!!
> In my brain, I am expecting:
> <A
> HREF="/customer/secure/cgi-person.jsp?custid=1;jsessionid=8hvj345x
> ">Customer
> 1</A>
>
> (In other words, sessionid tacked onto the end of the url)
> The server does not know how to handle this URL correctly.
>
> I'm using tomcat 3.3 m4
>
> Am I simply missing a concept? My guess is that this problem has not
> showed up because no
> one has tried to use session handling with GET posts without cookies
> turned on.
>
> Anyone have any comments/fixes on this? Does anyone know if this has
> been fixed in a later release?
>
> -Tom
>
>
>
>