[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-284) remove_session_route doesn't work as expected with session id in the URL

Jean-Frederic Clere (JIRA) jira-events at lists.jboss.org
Tue Feb 28 03:50:37 EST 2012 

     [ https://issues.jboss.org/browse/MODCLUSTER-284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Frederic Clere updated MODCLUSTER-284:
-------------------------------------------

    Fix Version/s: 1.2.1.Beta1

    
> remove_session_route doesn't work as expected with session id in the URL
> ------------------------------------------------------------------------
>
>                 Key: MODCLUSTER-284
>                 URL: https://issues.jboss.org/browse/MODCLUSTER-284
>             Project: mod_cluster
>          Issue Type: Bug
>    Affects Versions: 1.1.3.Final, 1.2.0.Final
>            Reporter: Stefano Nichele
>            Assignee: Jean-Frederic Clere
>             Fix For: 1.2.1.Beta1
>
>
> Looking at the code of remove_session_route (and trying it) i saw that URLs lke this one
> /test.jsp;jsessionid=1233454532432342.NODE01
> /test.jsp;jsessionid=1233454532432342.NODE01?p1=v1&p2=v2
> /test.jsp;jsessionid=1233454532432342.NODE01;otherparam=value
> are not correctly parsed and the session id is not removed. 
> To note that it seems the code handles jsessionid as url parameter and not as URL "path parameter" (see for isntance http://doriantaylor.com/policy/http-url-path-parameter-syntax). 
> This is for instance a piece of tomcat code that does something like what remove_session_route should do (at least in the URL part):
>     /**
>      * Strips a servlet session ID from <tt>url</tt>.  The session ID
>      * is encoded as a URL "path parameter" beginning with "jsessionid=".
>      * We thus remove anything we find between ";jsessionid=" (inclusive)
>      * and either EOS or a subsequent ';' (exclusive).
>      * 
>      * taken from org.apache.taglibs.standard.tag.common.core.ImportSupport
>      */
>     public static String stripSession(String url) {
>         StringBuffer u = new StringBuffer(url);
>         int sessionStart;
>         while ((sessionStart = u.toString().indexOf(";jsessionid=")) != -1) {
>             int sessionEnd = u.toString().indexOf(";", sessionStart + 1);
>             if (sessionEnd == -1)
>                 sessionEnd = u.toString().indexOf("?", sessionStart + 1);
>             if (sessionEnd == -1) 				// still
>                 sessionEnd = u.length();
>             u.delete(sessionStart, sessionEnd);
>         }
>         return u.toString();
>     }

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the mod_cluster-issues mailing list