You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/02/21 00:43:16 UTC
DO NOT REPLY [Bug 6600] New: -
enodeURL adds 'jsession' when 'isRequestedSessionIdFromURL' returns false
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6600>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6600
enodeURL adds 'jsession' when 'isRequestedSessionIdFromURL' returns false
Summary: enodeURL adds 'jsession' when
'isRequestedSessionIdFromURL' returns false
Product: Tomcat 4
Version: 4.0.2 Final
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: sgw@adnovum.com
CC: sgw@adnovum.com
The Servlet 2.3 specification explicitly describes sessions based on the SSL
session i.e. a session which is neither based on cookies nor on URL rewriting.
When calling encodeURL() on the HttpServletResponse this should be taken into
consideration. So the 'jsession' stuff should be added only if
isRequestedSessionIdFromURL() returns true.
-> fix in org.apache.catalina.connector.HttpResponseBase.isEncodeable():
replace:
if (hreq.isRequestedSessionIdFromCookie())
return (false);
with:
if (!hreq.isRequestedSessionIdFromURL())
return (false);
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>