Posted to dev@tomcat.apache.org by bu...@apache.org on 2006/12/19 17:27:21 UTC

DO NOT REPLY [Bug 41213] New: - URLs with session ID in them no longer work

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG-RELATED
COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41213>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41213

           Summary: URLs with session ID in them no longer work
           Product: Tomcat 5
           Version: 5.5.20
          Platform: Other
               URL: https://bowmore.cs.st-andrews.ac.uk/finesse/Resources.do;jsessionid=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: jrn2005@cs.st-andrews.ac.uk


I have a web application which users first access through a static login page.
They then enter a username and password, and are redirected to a servlet, which
creates a session, sets whether they have authenticated successfully in that
session, and redirects them on to the next page:

response.sendRedirect(response.encodeRedirectURL(url));

This worked fine in Tomcat versions up to 5.5.17, however having just installed
5.5.20 on our development server, I now get a 404 error instead of the page.
Removing the ";jsessionid=..." from the URL does work correctly (giving either a
403 if the user is not logged in, or has cookies disabled, or the correct page
if they're logged in and have cookies for the session system to use instead):

https://bowmore.cs.st-andrews.ac.uk/finesse/Resources.do

At a guess, looking at the change log, "Improve handling of the ';' character in
the URL so that it is now allowed if properly %xx encoded. (remm)" is somehow
related, but that's just a guess.

Tested using JDK 1.5_10, from Firefox 3.0 Alpha 1, Safari 2.0.4 and Lynx 2.8.5.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


------- Additional Comments From jrn2005@cs.st-andrews.ac.uk  2006-12-21 06:31 -------
Created an attachment (id=19298)
 --> (http://issues.apache.org/bugzilla/attachment.cgi?id=19298&action=view)
Test case

Test case. Designed to be compiled and deployed using ant... requires that
"catalina.home" and "javacc.home" properties are set in a build.properties
either in the current user's home directory, or the current directory. To
compile and deploy, type "ant deploy".

Can be seen on a live system at https://bowmore.cs.st-andrews.ac.uk/bug41213/

------- Additional Comments From rm@moosauer.de  2006-12-21 02:29 -------
Hi,

this is not necessarily a tomcat bug.
Please evaluate this behavior with the examples shipped with tomcat.
I suppose, this will work. If not: Report it as a bug with a minimal test
case!
Else:
- Trace your request processing (you use struts?) 
- Check if any front-end-servers (apache, load balancers) are interfering

We see, that your application is not working. But without any insight to 
source code nothing can be done.
You have to create a mini-application which reproduces the error.
Quite possible, you find an error in your own code.
Or you can track it down to a tomcat error, then provide your test case with 
sources here.

Good luck
R.

------- Additional Comments From jrn2005@cs.st-andrews.ac.uk  2006-12-20 08:25 -------
I've created test accounts on the development and live systems:

Username: bug41213
Password: tomcat

Dev: https://bowmore.cs.st-andrews.ac.uk/finesse/
Live: https://finesse.ac.uk/

The development version is running on Tomcat 5.5.20, the live version on 5.5.15
(but we were doing testing on 5.5.17 on the development server, until recently,
and that worked fine). As of now, they're both running exactly the same code.

To test, go to both sites, ensure cookies are disabled, and log in with the
username and password given. The development site should give an error, while
the live version should give you a fairly empty resources page.


------- Additional Comments From remm@apache.org  2006-12-20 06:40 -------
This works for me. Tested with Tomcat 6.0.

remm@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME




------- Additional Comments From rainer.jung@kippdata.de  2006-12-22 01:36 -------
Hi,

I tried a URL encoded session id with mod_jk/1.2.20 and Apache 2.0.58 and it did
work. I believe the decoding already happens inside apache, before passing the
request to mod_jk, and it should work with older versions too. Please increase
your JkLogLevel to debug and compare the result on a URL encoded request with
the following log output:

[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
map_uri_to_worker::jk_uri_worker_map.c (569): Removing Session path
';jsessionid=5A83896B1E0B44C6FEB0E912C5EEF25A.w-1' URI '/session.jsp'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
map_uri_to_worker::jk_uri_worker_map.c (575): Attempting to map URI
'/session.jsp;jsessionid=5A83896B1E0B44C6FEB0E912C5EEF25A.w-1' from 6 maps
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
map_uri_to_worker::jk_uri_worker_map.c (587): Attempting to map context URI
'/jsp-examples/*=lb' source 'worker definition'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
map_uri_to_worker::jk_uri_worker_map.c (587): Attempting to map context URI
'/modjk/*=w-1' source 'worker definition'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
map_uri_to_worker::jk_uri_worker_map.c (587): Attempting to map context URI
'/jsp-examples=lb' source 'worker definition'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
map_uri_to_worker::jk_uri_worker_map.c (587): Attempting to map context URI
'/jkstatus2=status2' source 'worker definition'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
map_uri_to_worker::jk_uri_worker_map.c (587): Attempting to map context URI
'/*.jsp=lb' source 'worker definition'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
map_uri_to_worker::jk_uri_worker_map.c (602): Found a wildchar match '/*.jsp=lb'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug] jk_handler::mod_jk.c (1999):
Into handler jakarta-servlet worker=lb r->proxyreq=0
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
wc_get_worker_for_name::jk_worker.c (114): found a worker lb
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug] wc_maintain::jk_worker.c (321):
Maintaining worker w-1
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug] wc_maintain::jk_worker.c (321):
Maintaining worker lb
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
maintain_workers::jk_lb_worker.c (509): decay with 2^2
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
wc_get_name_for_type::jk_worker.c (290): Found worker type 'lb'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug] init_ws_service::mod_jk.c
(584): Service protocol=HTTP/1.1 method=GET host=(null) addr=127.0.0.1
name=localhost port=8080 auth=(null) user=(null) laddr=127.0.0.1 raddr=127.0.0.1
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug] service::jk_lb_worker.c (840):
service sticky_session=1 id='5A83896B1E0B44C6FEB0E912C5EEF25A.w-1'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug] service::jk_lb_worker.c (860):
service worker=w-2 route=w-2

If you think, it's a mod_jk bug, we need the relevant parts of your web server
config, your mod_jk config and the version and platform information.
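
A helper for the log comparison requested in the comment above, as an added example that is not part of the original thread or of mod_jk: it rejoins mail-wrapped debug entries and extracts the stripped session path, the matched map rule and the sticky-session routing. The function names and result keys are assumptions of this example; the sample entries are copied from the quoted log.

```python
import re

# Prefix of every mod_jk log entry: [date] [pid:tid] [level]
ENTRY_START = re.compile(r"^\[\w{3} \w{3} +\d+ [\d:]+ \d{4}\] \[\d+:\d+\] \[\w+\]")
PATTERNS = {
    "session_path": re.compile(r"Removing Session path '([^']*)' URI '([^']*)'"),
    "match": re.compile(r"Found a \w+ match '([^']*)'"),
    "sticky_id": re.compile(r"sticky_session=\d+ id='([^']*)'"),
    "worker": re.compile(r"service worker=(\S+) route=(\S+)"),
}

# Four entries copied from the log quoted above, still wrapped as in the mail.
SAMPLE = """\
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
map_uri_to_worker::jk_uri_worker_map.c (569): Removing Session path
';jsessionid=5A83896B1E0B44C6FEB0E912C5EEF25A.w-1' URI '/session.jsp'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug]
map_uri_to_worker::jk_uri_worker_map.c (602): Found a wildchar match '/*.jsp=lb'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug] service::jk_lb_worker.c (840):
service sticky_session=1 id='5A83896B1E0B44C6FEB0E912C5EEF25A.w-1'
[Fri Dec 22 09:54:08 2006] [13973:63840] [debug] service::jk_lb_worker.c (860):
service worker=w-2 route=w-2
"""

def unwrap(text):
    """Rejoin wrapped entries: a line lacking the entry prefix continues the previous one."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Collect what mod_jk logged for a request: path parameter, map rule, routing."""
    out = {}
    for entry in unwrap(text):
        for key, rx in PATTERNS.items():
            m = rx.search(entry)
            if m:
                out[key] = m.groups() if len(m.groups()) > 1 else m.group(1)
    sid = out.get("sticky_id", "")
    out["session_route"] = sid.rpartition(".")[2] if "." in sid else None
    out["stripped"] = "session_path" in out  # False: no ';jsessionid' removal logged
    return out
```

Run `summarize()` on the debug log of a failing request and of a working one; a missing `session_path` entry or a different `match` rule shows where the two requests diverge inside mod_jk.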



jrn2005@cs.st-andrews.ac.uk changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|Catalina                    |Connector:AJP




------- Additional Comments From jrn2005@cs.st-andrews.ac.uk  2006-12-21 06:06 -------
Will produce a test case next, but in the meantime good suggestion with the
front-end server. Turns out this only shows up when using mod_jk to pass
connections from the Apache server. Connecting directly to the server, or via
Apache set up for proxying, works fine. Proxy version up at:

https://bowmore.cs.st-andrews.ac.uk/finesse-proxy/

if you're interested. Off to produce a test case next.

