[JBoss JIRA] (MODCLUSTER-284) remove_session_route doesn't work as expected with session id in the URL
by Jean-Frederic Clere (Jira)
[ https://issues.jboss.org/browse/MODCLUSTER-284?page=com.atlassian.jira.pl... ]
Jean-Frederic Clere resolved MODCLUSTER-284.
--------------------------------------------
Resolution: Out of Date
> remove_session_route doesn't work as expected with session id in the URL
> ------------------------------------------------------------------------
>
> Key: MODCLUSTER-284
> URL: https://issues.jboss.org/browse/MODCLUSTER-284
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Affects Versions: 1.1.3.Final, 1.2.0.Final
> Reporter: Stefano Nichele
> Assignee: Jean-Frederic Clere
> Priority: Major
>
> Looking at the code of remove_session_route (and trying it) I saw that URLs like this one
> /test.jsp;jsessionid=1233454532432342.NODE01
> /test.jsp;jsessionid=1233454532432342.NODE01?p1=v1&p2=v2
> /test.jsp;jsessionid=1233454532432342.NODE01;otherparam=value
> are not correctly parsed and the session id is not removed.
> To note that it seems the code handles jsessionid as url parameter and not as URL "path parameter" (see for instance http://doriantaylor.com/policy/http-url-path-parameter-syntax).
> This is for instance a piece of tomcat code that does something like what remove_session_route should do (at least in the URL part):
> {code}
> /**
>  * Strips a servlet session ID from <tt>url</tt>. The session ID
>  * is encoded as a URL "path parameter" beginning with "jsessionid=".
>  * We thus remove anything we find between ";jsessionid=" (inclusive)
>  * and either EOS or a subsequent ';' (exclusive).
>  *
>  * taken from org.apache.taglibs.standard.tag.common.core.ImportSupport
>  */
> public static String stripSession(String url) {
>     StringBuffer u = new StringBuffer(url);
>     int sessionStart;
>     while ((sessionStart = u.toString().indexOf(";jsessionid=")) != -1) {
>         int sessionEnd = u.toString().indexOf(";", sessionStart + 1);
>         if (sessionEnd == -1)
>             sessionEnd = u.toString().indexOf("?", sessionStart + 1);
>         if (sessionEnd == -1) // still
>             sessionEnd = u.length();
>         u.delete(sessionStart, sessionEnd);
>     }
>     return u.toString();
> }
> {code}
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
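
The path-parameter stripping described in the report, written in C as an added example; it is not part of the original message and not mod_cluster's code, and `strip_jsessionid` is a hypothetical name. It goes beyond the quoted Java by ending the parameter at whichever of `;` or `?` comes first and by ignoring matches inside the query string.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not mod_cluster's remove_session_route): removes every
 * ";jsessionid=<value>" path parameter from url, in place. The value ends at
 * the first ';' or '?' after it, or at end of string. Only the path part is
 * scanned, so a "jsessionid" that appears in the query string is left alone.
 * Returns the number of parameters removed. */
static int strip_jsessionid(char *url)
{
    static const char key[] = ";jsessionid=";
    int removed = 0;
    char *start = url;

    for (;;) {
        /* Recompute the query boundary: the string shrinks on each removal. */
        char *query = strchr(url, '?');
        start = strstr(start, key);
        if (start == NULL || (query != NULL && start > query))
            break;
        char *end = start + strlen(key);
        end += strcspn(end, ";?");            /* stop at ';', '?' or NUL */
        memmove(start, end, strlen(end) + 1); /* close the gap, keep NUL */
        removed++;
    }
    return removed;
}

int main(void)
{
    /* First three URLs are from the report; the last two are constructed. */
    char urls[][80] = {
        "/test.jsp;jsessionid=1233454532432342.NODE01",
        "/test.jsp;jsessionid=1233454532432342.NODE01?p1=v1&p2=v2",
        "/test.jsp;jsessionid=1233454532432342.NODE01;otherparam=value",
        "/test.jsp;jsessionid=1233454532432342.NODE01?p1=v1;p2=v2",
        "/test.jsp?p1=v1;jsessionid=1233454532432342.NODE01",
    };
    for (size_t i = 0; i < sizeof urls / sizeof urls[0]; i++) {
        printf("%s\n", urls[i]);
        int n = strip_jsessionid(urls[i]);
        printf("  -> %s (%d removed)\n", urls[i], n);
    }
    return 0;
}
```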