You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/10/20 14:43:44 UTC

DO NOT REPLY [Bug 23936] New: - DefaultServlet loses session ID when sending redirect

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23936>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23936

DefaultServlet loses session ID when sending redirect

           Summary: DefaultServlet loses session ID when sending redirect
           Product: Tomcat 4
           Version: 4.1.27
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: sfzhi@yahoo.com


When cookies can not be used (for whatever reason) session tracking is done by 
using suffix ";jsessionid=..." appended to URLs. However, when DefaultServlet 
sends redirect response for default welcome file (like from "<...>/somedir/" 
to "<...>/somedir/index.jsp") the "jsessionid" suffix is lost.

Suggested resolution: in DefaultServlet.java all (2) occurences of
    response.sendRedirect(redirectPath);
should be replaced with:
    response.sendRedirect(response.encodeRedirectURL(redirectPath));

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org