You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/10/20 14:43:44 UTC
DO NOT REPLY [Bug 23936] New: -
DefaultServlet loses session ID when sending redirect
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23936>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23936
DefaultServlet loses session ID when sending redirect
Summary: DefaultServlet loses session ID when sending redirect
Product: Tomcat 4
Version: 4.1.27
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: sfzhi@yahoo.com
When cookies can not be used (for whatever reason) session tracking is done by
using suffix ";jsessionid=..." appended to URLs. However, when DefaultServlet
sends redirect response for default welcome file (like from "<...>/somedir/"
to "<...>/somedir/index.jsp") the "jsessionid" suffix is lost.
Suggested resolution: in DefaultServlet.java all (2) occurences of
response.sendRedirect(redirectPath);
should be replaced with:
response.sendRedirect(response.encodeRedirectURL(redirectPath));
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org