[jboss-dev-forums] [JBoss Web Development] - jsessionid, plus sign causes double escape error, jboss7 - iis
Krwyth Nowe
do-not-reply at jboss.com
Thu May 23 12:55:57 EDT 2013
Krwyth Nowe [https://community.jboss.org/people/md1037] created the discussion
"jsessionid, plus sign causes double escape error, jboss7 - iis"
To view the discussion, visit: https://community.jboss.org/message/819156#819156
--------------------------------------------------------------
We are running Jboss AS7 inside IIS using the ajp connector. Everything works fine except the jsessionid variable causes a 404 error (IIS double escape error) when it has a plus sign in it. Like this:
http://site/something.do;jsessionid=x2iV3knb6EjbYrnLjE+0FpVJ.node1?method=accept http://site/something.do;jsessionid=x2iV3knb6EjbYrnLjE+0FpVJ.node1?method=accept
I could allow IIS to accept double escape requests (security hole), or rewrite the URLs (PITA).
Does anyone have another suggestion for either removing the jsessionid or ensuring it doesn't have a plus sign?
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/819156#819156]
Start a new discussion in JBoss Web Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2112]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20130523/313ed6c1/attachment.html
More information about the jboss-dev-forums
mailing list