Posted to dev@tomcat.apache.org by Tim Kientzle <ki...@acm.org> on 2000/09/21 21:47:44 UTC

[BUG] jakarta-servlet: HttpServlet.service() can mis-handle If-Modified-Since

I couldn't find a bug mailing list for errors in jakarta-servlet,
so I guessed that this would be the appropriate place.

In HttpServlet.service(), the code first calls
getLastModified(), then goes through the following tests to
determine whether or not to invoke doGet().  The goal is
to skip doGet() if getLastModified returns a valid timestamp
more recent than was specified in an If-Modified-Since header:

if (lastModified == -1) {
  doGet(req, resp);
} else {
  long ifModifiedSince = req.getDateHeader(HEADER_IFMODSINCE);
  if (ifModifiedSince < (lastModified / 1000 * 1000)) {
    maybeSetLastModified(resp, lastModified);
    doGet(req, resp);
  } else {
    resp.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
  }
}

The first line of this should be changed to:

   if (lastModified < 0) {

Without this change, a user's getLastModified that returns
a negative value other than -1 will prompt an SC_NOT_MODIFIED
response to requests that don't have an If-Modified-Since
header, which is clearly wrong.  Yes, getLastModified() shouldn't
ever return negative values other than -1, but servlet authors
might internally use other negative values as flags, and it's
easy to let those slip through.

				- Tim Kientzle
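
Added example (not part of the original message and not jakarta-servlet code): the quoted branch reduced to two pure Java functions, one with the `== -1` test and one with the proposed `< 0` test, evaluated for a request that carries no If-Modified-Since header. The class and method names, the `NO_HEADER` constant and the sample values are assumptions made for the illustration; `getDateHeader()` returning -1 for an absent header is Servlet API behaviour.

```java
// Added illustration: the decision from HttpServlet.service() as pure functions,
// so it runs without a servlet container. All names here are hypothetical.
public class LastModifiedCheck {
    // HttpServletRequest.getDateHeader() returns -1 when the header is absent.
    static final long NO_HEADER = -1;

    // The test as quoted in the report: only -1 is treated as "unknown".
    static String original(long lastModified, long ifModifiedSince) {
        if (lastModified == -1) {
            return "doGet";
        }
        // Same comparison as the quoted code, including the rounding to whole seconds.
        return ifModifiedSince < (lastModified / 1000 * 1000) ? "doGet" : "304";
    }

    // The test with the proposed change: every negative value is "unknown".
    static String proposed(long lastModified, long ifModifiedSince) {
        if (lastModified < 0) {
            return "doGet";
        }
        return ifModifiedSince < (lastModified / 1000 * 1000) ? "doGet" : "304";
    }

    public static void main(String[] args) {
        // Constructed sample values. The negative ones stand in for internal
        // flag values that a servlet's getLastModified() lets slip through.
        long[] samples = { -1, -2, -999, -1000, -5000, 0, 969_572_864_000L };
        int divergent = 0;
        for (long lm : samples) {
            String before = original(lm, NO_HEADER);
            String after = proposed(lm, NO_HEADER);
            if (!before.equals(after)) {
                divergent++;
            }
            System.out.printf("lastModified=%d  original=%s  proposed=%s%n",
                    lm, before, after);
        }
        System.out.println("values where the two tests disagree: " + divergent);
    }
}
```

Java `long` division truncates toward zero, so flag values from -999 to -2 round to 0 and still reach doGet(); values of -1000 and below are the ones that yield a 304 for a request with no conditional header.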