You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by BugRat Mail System <to...@cortexity.com> on 2000/08/25 22:15:21 UTC

BugRat Report #38 has been filed.

Bug report #38 has just been filed.

You can view the report at the following URL:

   <http://znutar.cortexity.com:8888/BugRatViewer/ShowReport/38>

REPORT #38 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: critical
Confidence: public
Environment: 
   Release: Tomcat 3.2
   JVM Release: Solaris VM (build Solaris_JDK_1.2.2_05a, native threads, sunwjit)
   Operating System: Solaris
   OS Release: 8
   Platform: Ultra SPARC

Synopsis: 
org.apache.tomcat.util.SessionUtil does not address https schema

Description:
During my work on adapting my application to work with 3.2 I am running
into a couple of issues.

While browsing through the code, I ran across some problem that
may arise when using SessionUtil.encodeURL under SSL.

The code shows:

	// Encode all relative URLs unless they start with a hash
        if (!url.startsWith("http:")) {
            if (!url.startsWith("#"))
                return (encode(id, url));
            else
                return (url);
        }

        // Encode all absolute URLs that return to this hostname
        String serverName = req.getServerName();
        String match = "http://" + serverName;
        if (url.startsWith("http://" + serverName))
            return (encode(id, url));
        else
            return (url);