Stefano Nichele created MODCLUSTER-284: ------------------------------------------ Summary: remove_session_route doesn't work as expected with session id in the URL Key: MODCLUSTER-284 URL: https://issues.jboss.org/browse/MODCLUSTER-284 Project: mod_cluster Issue Type: Bug Affects Versions: 1.2.0.Final, 1.1.3.Final Reporter: Stefano Nichele Assignee: Jean-Frederic Clere Looking at the code of remove_session_route (and trying it) i saw that URLs lke this one /test.jsp;jsessionid=1233454532432342.NODE01 /test.jsp;jsessionid=1233454532432342.NODE01?p1=v1&p2=v2 /test.jsp;jsessionid=1233454532432342.NODE01;otherparam=value are not correctly parsed and the session id is not removed. To note that it seems the code handles jsessionid as url parameter and not as URL "path parameter" (see for isntance http://doriantaylor.com/policy/http-url-path-parameter-syntax). This is for instance a piece of tomcat code that does something like what remove_session_route should do (at least in the URL part): /** * Strips a servlet session ID from <tt>url</tt>. The session ID * is encoded as a URL "path parameter" beginning with "jsessionid=". * We thus remove anything we find between ";jsessionid=" (inclusive) * and either EOS or a subsequent ';' (exclusive). * * taken from org.apache.taglibs.standard.tag.common.core.ImportSupport */ public static String stripSession(String url) { StringBuffer u = new StringBuffer(url); int sessionStart; while ((sessionStart = u.toString().indexOf(";jsessionid=")) != -1) { int sessionEnd = u.toString().indexOf(";", sessionStart + 1); if (sessionEnd == -1) sessionEnd = u.toString().indexOf("?", sessionStart + 1); if (sessionEnd == -1) // still sessionEnd = u.length(); u.delete(sessionStart, sessionEnd); } return u.toString(); } -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira