[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-284) remove_session_route doesn't work as expected with session id in the URL

Stefano Nichele (JIRA) jira-events at lists.jboss.org
Wed Feb 8 13:18:48 EST 2012 

Stefano Nichele created MODCLUSTER-284:
------------------------------------------

             Summary: remove_session_route doesn't work as expected with session id in the URL
                 Key: MODCLUSTER-284
                 URL: https://issues.jboss.org/browse/MODCLUSTER-284
             Project: mod_cluster
          Issue Type: Bug
    Affects Versions: 1.2.0.Final, 1.1.3.Final
            Reporter: Stefano Nichele
            Assignee: Jean-Frederic Clere


Looking at the code of remove_session_route (and trying it) i saw that URLs lke this one

/test.jsp;jsessionid=1233454532432342.NODE01
/test.jsp;jsessionid=1233454532432342.NODE01?p1=v1&p2=v2
/test.jsp;jsessionid=1233454532432342.NODE01;otherparam=value

are not correctly parsed and the session id is not removed. 
To note that it seems the code handles jsessionid as url parameter and not as URL "path parameter" (see for isntance http://doriantaylor.com/policy/http-url-path-parameter-syntax). 
This is for instance a piece of tomcat code that does something like what remove_session_route should do (at least in the URL part):

    /**
     * Strips a servlet session ID from <tt>url</tt>.  The session ID
     * is encoded as a URL "path parameter" beginning with "jsessionid=".
     * We thus remove anything we find between ";jsessionid=" (inclusive)
     * and either EOS or a subsequent ';' (exclusive).
     * 
     * taken from org.apache.taglibs.standard.tag.common.core.ImportSupport
     */
    public static String stripSession(String url) {
        StringBuffer u = new StringBuffer(url);
        int sessionStart;
        while ((sessionStart = u.toString().indexOf(";jsessionid=")) != -1) {
            int sessionEnd = u.toString().indexOf(";", sessionStart + 1);
            if (sessionEnd == -1)
                sessionEnd = u.toString().indexOf("?", sessionStart + 1);
            if (sessionEnd == -1) 				// still
                sessionEnd = u.length();
            u.delete(sessionStart, sessionEnd);
        }
        return u.toString();
    }


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the mod_cluster-issues mailing list