You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by BugRat Mail System <to...@cortexity.com> on 2000/08/25 22:15:21 UTC
BugRat Report #38 has been filed.
Bug report #38 has just been filed.
You can view the report at the following URL:
<http://znutar.cortexity.com:8888/BugRatViewer/ShowReport/38>
REPORT #38 Details.
Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: high
Severity: critical
Confidence: public
Environment:
Release: Tomcat 3.2
JVM Release: Solaris VM (build Solaris_JDK_1.2.2_05a, native threads, sunwjit)
Operating System: Solaris
OS Release: 8
Platform: Ultra SPARC
Synopsis:
org.apache.tomcat.util.SessionUtil does not address https schema
Description:
During my work on adapting my application to work with 3.2 I am running
into a couple of issues.
While browsing through the code, I ran across some problem that
may arise when using SessionUtil.encodeURL under SSL.
The code shows:
// Encode all relative URLs unless they start with a hash
if (!url.startsWith("http:")) {
if (!url.startsWith("#"))
return (encode(id, url));
else
return (url);
}
// Encode all absolute URLs that return to this hostname
String serverName = req.getServerName();
String match = "http://" + serverName;
if (url.startsWith("http://" + serverName))
return (encode(id, url));
else
return (url);