[jboss-jira] [JBoss JIRA] (WFLY-4782) ; jsessionid= in URL not supported

[ https://issues.jboss.org/browse/WFLY-4782?page=com.atlassian.jira.plugin.... ] Francesco Pagetti commented on WFLY-4782: ----------------------------------------- The Jenkins team are aware of the issue https://issues.jenkins-ci.org/browse/JENKINS-22358 https://github.com/jenkinsci/jenkins/commit/3addbabf8afae39022440d63216a3... However I wonder why the JSESSIONID is there in first instance. Looking at the source code I can see that during the login in the method org.acegisecurity.ui.AbstractProcessingFilter#successfulAuthentication it is called org.acegisecurity.ui.AbstractProcessingFilter#sendRedirect that delegates to javax.servlet.http.HttpServletResponse#encodeRedirectURL the resolution of the URL. Accordingly to specs of encodeRedirectURL: "Encodes the specified URL for use in the sendRedirect method or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL. Because the rules for making this determination can differ from those used to decide whether to encode a normal link, this method is separete from the encodeURL method. All URLs sent to the HttpServletResponse.sendRedirect method should be run through this method. Otherwise, URL rewriting cannot be used with browsers which do not support cookies." In the HttpServletResponse implementation on Tomcat, this method doesn't add the JSESSIONID, in the implementation on Undertow it does, this is why this "bug" occurs mainly on JBoss/undertow. The question is, why on Undertow encodeRedirectURL decides to add the session information in the URL? -- This message was sent by Atlassian JIRA (v6.4.11#64026)