Author: remy.maucherat(a)jboss.com
Date: 2010-09-29 11:16:20 -0400 (Wed, 29 Sep 2010)
New Revision: 1562
Modified:
trunk/java/org/apache/catalina/connector/Response.java
Log:
- The session id is valid for the entire vhost, so the check is not useful.
Modified: trunk/java/org/apache/catalina/connector/Response.java
===================================================================
--- trunk/java/org/apache/catalina/connector/Response.java 2010-09-29 15:06:39 UTC (rev
1561)
+++ trunk/java/org/apache/catalina/connector/Response.java 2010-09-29 15:16:20 UTC (rev
1562)
@@ -64,8 +64,6 @@
public class Response
implements HttpServletResponse {
- protected static final boolean REWRITE_CONTEXT_CHECK =
-
Boolean.valueOf(System.getProperty("org.apache.catalina.connector.Response.REWRITE_CONTEXT_CHECK",
"true")).booleanValue();
// ----------------------------------------------------------- Constructors
@@ -1510,15 +1508,12 @@
if (serverPort != urlPort)
return (false);
- String contextPath = request.getContext().getPath();
- if (contextPath != null) {
- String file = url.getFile();
- if ((file == null) || (REWRITE_CONTEXT_CHECK &&
!file.startsWith(contextPath)))
- return (false);
- String tok = request.getContext().getSessionCookie().getPathParameterName() +
session.getIdInternal();
- if (file.indexOf(tok, contextPath.length()) >= 0)
- return (false);
- }
+ String file = url.getFile();
+ if (file == null)
+ return (false);
+ String tok = request.getContext().getSessionCookie().getPathParameterName() +
session.getIdInternal();
+ if (file.indexOf(tok) >= 0)
+ return (false);
// This URL belongs to our web application, so it is encodeable
return (true);
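Review bot: The closing comment `// This URL belongs to our web application, so it is encodeable` is no longer accurate once the context-path test is removed. From what the hunk shows, only the port comparison (and presumably scheme and host checks above the hunk) now decides whether the session id is appended, so links to other contexts on the same host also receive it as a path parameter. That is safe only if every deployment really shares the session id across the whole vhost, as the log message assumes; where the session cookie is scoped to a single context path, the id would be disclosed to sibling applications through request URLs, access logs and Referer headers. I would reword the comment to something like `// Same host and port, no session id present yet: encodeable for the whole vhost` and state that assumption in the method's Javadoc, or keep the prefix test whenever the cookie path is narrower than the host. The enclosing method begins and ends outside the hunk.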