You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tapestry.apache.org by Joel Halbert <jo...@storequery.com> on 2009/03/17 09:56:39 UTC

T5 jsession id in url crashing tap URLEncoder

I am seeing bot requests to our site which have the session id encoded
in the request url because they are not using cookies:

e.g.

66.249.70.177 - - [17/Mar/2009:08:43:23 +0000] "GET /store/product/2799%
3Bjsessionid=1660715C3C8E125693B0B98550FFEC87 HTTP/1.1" 500 3931 "-"
"Mozilla/
5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


This is resulting in an exception in T5.0.18


2009-03-17 08:43:23,937 [TP-Processor2] ERROR
org.apache.tapestry5.services.TapestryModule.RequestExceptionHandler -
Processing of request failed with uncau
ght exception: Input string
'2799;jsessionid=1660715C3C8E125693B0B98550FFEC87' is not valid; the
character ';' at position 5 is not valid.
 java.lang.IllegalArgumentException: Input string
'2799;jsessionid=1660715C3C8E125693B0B98550FFEC87' is not valid; the
character ';' at position 5 is not val
id.
        at
org.apache.tapestry5.internal.services.URLEncoderImpl.decode(URLEncoderImpl.java:143)
        at $URLEncoder_120118ad084.decode($URLEncoder_120118ad084.java)
        at
org.apache.tapestry5.internal.services.ContextPathEncoderImpl.decodePath(ContextPathEncoderImpl.java:70)



Should the URLEncoder not be able to correctly decode a request with an
encoded session id? Or this this symptomatic of some other issue?

Thank,
Joel
   


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: T5 jsession id in url crashing tap URLEncoder

Posted by raulmt <ra...@gmail.com>.

Yes, and it generally does... if you make a request like http://localhost:8080/mypage;jsessionid and in mypage you print out request.getPath(), it returns only "mypage".... BUT, if you do the same request like http://localhost:8080/mypage%3Bjsessionid the ";" equivalent of "%3B" arrives to Tapestry and the application throws an error.... I think the servlet container just does this filter before converting the hexa characters to the respective char....

So, apparently the problem is not in Tapestry but in many servlet containers.... i searched on Google for solutions to this and the best thing i found was this: http://www.digitalsanctuary.com/tech-blog/general/jboss-jsessionid-parameter-remove.html Its a filter that detects if the request is from googlebot and in that case it doesn't add the ;jsessionid in the url of the links rewritten because not using cookies.

Anyway, apparently this problem is not on a particular container and it happens to many people... is there a posibility to have a solution in Tapestry to this?

Regards.


Very odd; the servlet container is supposed to strip off the
;jessionid before making the path visible to the application (via
HttpServletRequest.getPath() ).

On Tue, Apr 7, 2009 at 10:05 AM, raulmt <ra...@gmail.com> wrote:
>
> I have the same issue with google... the links on google have the jsessionid with ";" converted to hexa and the application crashs.... anyone has a solution to this?
>
> Regards.
>
>
> I am seeing bot requests to our site which have the session id encoded
> in the request url because they are not using cookies:
>
> e.g.
>
> 66.249.70.177 - - [17/Mar/2009:08:43:23 +0000] "GET /store/product/2799%
> 3Bjsessionid=1660715C3C8E125693B0B98550FFEC87 HTTP/1.1" 500 3931 "-"
> "Mozilla/
> 5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
>
>
> This is resulting in an exception in T5.0.18
>
>
> 2009-03-17 08:43:23,937 [TP-Processor2] ERROR
> org.apache.tapestry5.services.TapestryModule.RequestExceptionHandler -
> Processing of request failed with uncau
> ght exception: Input string
> '2799;jsessionid=1660715C3C8E125693B0B98550FFEC87' is not valid; the
> character ';' at position 5 is not valid.
>  java.lang.IllegalArgumentException: Input string
> '2799;jsessionid=1660715C3C8E125693B0B98550FFEC87' is not valid; the
> character ';' at position 5 is not val
> id.
>        at
> org.apache.tapestry5.internal.services.URLEncoderImpl.decode(URLEncoderImpl.java:143)
>        at $URLEncoder_120118ad084.decode($URLEncoder_120118ad084.java)
>        at
> org.apache.tapestry5.internal.services.ContextPathEncoderImpl.decodePath(ContextPathEncoderImpl.java:70)
>
>
>
> Should the URLEncoder not be able to correctly decode a request with an
> encoded session id? Or this this symptomatic of some other issue?
>
> Thank,
> Joel
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
>
> --
> View this message in context: http://n2.nabble.com/T5-jsession-id-in-url-crashing-tap-URLEncoder-tp2491665p2600166.html
> Sent from the Tapestry Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>



-- 
Howard M. Lewis Ship

Creator Apache Tapestry and Apache HiveMind

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org




-- 
View this message in context: http://n2.nabble.com/T5-jsession-id-in-url-crashing-tap-URLEncoder-tp2491665p2601041.html
Sent from the Tapestry Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: T5 jsession id in url crashing tap URLEncoder

Posted by Howard Lewis Ship <hl...@gmail.com>.

Very odd; the servlet container is supposed to strip off the
;jessionid before making the path visible to the application (via
HttpServletRequest.getPath() ).

On Tue, Apr 7, 2009 at 10:05 AM, raulmt <ra...@gmail.com> wrote:
>
> I have the same issue with google... the links on google have the jsessionid with ";" converted to hexa and the application crashs.... anyone has a solution to this?
>
> Regards.
>
>
> I am seeing bot requests to our site which have the session id encoded
> in the request url because they are not using cookies:
>
> e.g.
>
> 66.249.70.177 - - [17/Mar/2009:08:43:23 +0000] "GET /store/product/2799%
> 3Bjsessionid=1660715C3C8E125693B0B98550FFEC87 HTTP/1.1" 500 3931 "-"
> "Mozilla/
> 5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
>
>
> This is resulting in an exception in T5.0.18
>
>
> 2009-03-17 08:43:23,937 [TP-Processor2] ERROR
> org.apache.tapestry5.services.TapestryModule.RequestExceptionHandler -
> Processing of request failed with uncau
> ght exception: Input string
> '2799;jsessionid=1660715C3C8E125693B0B98550FFEC87' is not valid; the
> character ';' at position 5 is not valid.
>  java.lang.IllegalArgumentException: Input string
> '2799;jsessionid=1660715C3C8E125693B0B98550FFEC87' is not valid; the
> character ';' at position 5 is not val
> id.
>        at
> org.apache.tapestry5.internal.services.URLEncoderImpl.decode(URLEncoderImpl.java:143)
>        at $URLEncoder_120118ad084.decode($URLEncoder_120118ad084.java)
>        at
> org.apache.tapestry5.internal.services.ContextPathEncoderImpl.decodePath(ContextPathEncoderImpl.java:70)
>
>
>
> Should the URLEncoder not be able to correctly decode a request with an
> encoded session id? Or this this symptomatic of some other issue?
>
> Thank,
> Joel
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>
>
>
> --
> View this message in context: http://n2.nabble.com/T5-jsession-id-in-url-crashing-tap-URLEncoder-tp2491665p2600166.html
> Sent from the Tapestry Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
> For additional commands, e-mail: users-help@tapestry.apache.org
>
>



-- 
Howard M. Lewis Ship

Creator Apache Tapestry and Apache HiveMind

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org

Re: T5 jsession id in url crashing tap URLEncoder

Posted by raulmt <ra...@gmail.com>.

I have the same issue with google... the links on google have the jsessionid with ";" converted to hexa and the application crashs.... anyone has a solution to this?

Regards.


I am seeing bot requests to our site which have the session id encoded
in the request url because they are not using cookies:

e.g.

66.249.70.177 - - [17/Mar/2009:08:43:23 +0000] "GET /store/product/2799%
3Bjsessionid=1660715C3C8E125693B0B98550FFEC87 HTTP/1.1" 500 3931 "-"
"Mozilla/
5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


This is resulting in an exception in T5.0.18


2009-03-17 08:43:23,937 [TP-Processor2] ERROR
org.apache.tapestry5.services.TapestryModule.RequestExceptionHandler -
Processing of request failed with uncau
ght exception: Input string
'2799;jsessionid=1660715C3C8E125693B0B98550FFEC87' is not valid; the
character ';' at position 5 is not valid.
 java.lang.IllegalArgumentException: Input string
'2799;jsessionid=1660715C3C8E125693B0B98550FFEC87' is not valid; the
character ';' at position 5 is not val
id.
        at
org.apache.tapestry5.internal.services.URLEncoderImpl.decode(URLEncoderImpl.java:143)
        at $URLEncoder_120118ad084.decode($URLEncoder_120118ad084.java)
        at
org.apache.tapestry5.internal.services.ContextPathEncoderImpl.decodePath(ContextPathEncoderImpl.java:70)



Should the URLEncoder not be able to correctly decode a request with an
encoded session id? Or this this symptomatic of some other issue?

Thank,
Joel
   


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org




-- 
View this message in context: http://n2.nabble.com/T5-jsession-id-in-url-crashing-tap-URLEncoder-tp2491665p2600166.html
Sent from the Tapestry Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org