You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/02/21 00:43:16 UTC

DO NOT REPLY [Bug 6600] New: - enodeURL adds 'jsession' when 'isRequestedSessionIdFromURL' returns false

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6600>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6600

enodeURL adds 'jsession' when 'isRequestedSessionIdFromURL' returns false

           Summary: enodeURL adds 'jsession' when
                    'isRequestedSessionIdFromURL' returns false
           Product: Tomcat 4
           Version: 4.0.2 Final
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: sgw@adnovum.com
                CC: sgw@adnovum.com


The Servlet 2.3 specification explicitly describes sessions based on the SSL
session i.e. a session which is neither based on cookies nor on URL rewriting.

When calling encodeURL() on the HttpServletResponse this should be taken into
consideration. So the 'jsession' stuff should be added only if
isRequestedSessionIdFromURL() returns true.

-> fix in org.apache.catalina.connector.HttpResponseBase.isEncodeable():

replace:

        if (hreq.isRequestedSessionIdFromCookie())
            return (false);

with:

        if (!hreq.isRequestedSessionIdFromURL())
            return (false);

--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>