You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2011/09/16 11:59:00 UTC

DO NOT REPLY [Bug 51833] New: Tomcat doesn't strip jsessionid from the url

https://issues.apache.org/bugzilla/show_bug.cgi?id=51833

             Bug #: 51833
           Summary: Tomcat doesn't strip jsessionid from the url
           Product: Tomcat 6
           Version: 6.0.33
          Platform: PC
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Connectors
        AssignedTo: dev@tomcat.apache.org
        ReportedBy: gozzoo@yahoo.com
    Classification: Unclassified


The url I use to access Tomcat is:

http://localhost/bin/upload;jsessionid=CDDAB8614E1F0ACB724CC033C8300697

the result I was getting when calling request.getRequestURI() is:

/bin/upload

This used to work until the latest version of tomcat 6.0.33. Now I'm getting:

/bin/upload;jsessionid=CDDAB8614E1F0ACB724CC033C8300697

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 51833] Tomcat doesn't strip jsessionid from the url

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=51833

--- Comment #6 from Jackie Rosen <ja...@hushmail.com> ---
*** Bug 260998 has been marked as a duplicate of this bug. ***
Seen from the domain http://volichat.com
Page where seen: http://volichat.com/adult-chat-rooms
Marked for reference. Resolved as fixed @bugzilla.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 51833] Tomcat doesn't strip jsessionid from the url

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=51833

Konstantin Kolinko <kn...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX

--- Comment #1 from Konstantin Kolinko <kn...@gmail.com> 2011-09-16 12:47:03 UTC ---
As I already explained several days ago to somebody else on the users@ list,
this behaviour is required by the Servlet specification.

See servlet-2_5-mrel2-spec.pdf  ch. SRV.3.1, Quote:
[[[
Path parameters that are part of a GET request (as defined by HTTP 1.1) are not
exposed by these APIs. They must be parsed from the String values
returned by the
getRequestURI method or the getPathInfo method.
]]]

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 51833] Tomcat doesn't strip jsessionid from the url

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=51833

--- Comment #4 from ranomail@gmail.com ---
Sorry, but this change was registered in release notes and/or change log of
6.0.33 version?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 51833] Tomcat doesn't strip jsessionid from the url

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=51833

Evgeni Milev <go...@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 51833] Tomcat doesn't strip jsessionid from the url

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=51833

Evgeni Milev <go...@yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Platform|PC                          |All
         OS/Version|                            |All

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 51833] Tomcat doesn't strip jsessionid from the url

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=51833

--- Comment #2 from Evgeni Milev <go...@yahoo.com> 2011-09-17 14:40:15 UTC ---
This might be so, but jsessionid is tomcat specific paramater which only
puprose is to provide the session id. By the time getRequestURI gets called it
has been extracted and the users doesn't need to know about it. If they need 
the session id they can get it from the session object.

Furthermore Tomcat 6 is considered stable and not in active development any
more. Changing the default behaviour because of differnt interpretation of the
spcec doesn't seem very stable to me. It might be a big and very unplesent
surprise for some users when they discover that their applicatoins which have
been in use for years don't work any more after the latest upgrade because of
such so belated change of heart.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

[Bug 51833] Tomcat doesn't strip jsessionid from the url

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=51833

--- Comment #5 from Mark Thomas <ma...@apache.org> ---
Yes, this is in the change log. If you have any further questions on this
change, they belong on the users mailing list.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org

DO NOT REPLY [Bug 51833] Tomcat doesn't strip jsessionid from the url

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=51833

Mark Thomas <ma...@apache.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |INVALID

--- Comment #3 from Mark Thomas <ma...@apache.org> 2011-09-21 11:45:41 UTC ---
Tomcat 6 is under active development. It receives security fixes, bug fixes and
some new features.

Non-compliance with the Servlet specification is always treated as a bug in
Tomcat. Failure to return the correct value for getRequestURI() was a bug and
has been fixed.

An application failure triggered by a valid - as per the specification - return
value from getRequestURI() is a bug in the application, not a bug in Tomcat.

While backwards incompatible changes are avoided where possible, the Tomcat
developers can't predict how every applications may respond to each individual
change and in this case specification compliance took precedence over the risk
of breaking backwards compatibility which was judged to be extremely low. Where
the risk of breaking compatibility is judged to be higher - or subsequently a
significant compatibility problem is found - the usual approach is to add a
configuration option that permits the previous - normally non-specification
compliant - behaviour. In this case I do not see sufficient justification for
adding such an option.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org