[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-284) remove_session_route doesn't work as expected with session id in the URL
Jean-Frederic Clere (JIRA)
jira-events at lists.jboss.org
Wed Mar 21 12:02:49 EDT 2012
[ https://issues.jboss.org/browse/MODCLUSTER-284?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Frederic Clere updated MODCLUSTER-284:
-------------------------------------------
Fix Version/s: 1.2.1.Beta2
(was: 1.2.1.Beta1)
> remove_session_route doesn't work as expected with session id in the URL
> ------------------------------------------------------------------------
>
> Key: MODCLUSTER-284
> URL: https://issues.jboss.org/browse/MODCLUSTER-284
> Project: mod_cluster
> Issue Type: Bug
> Affects Versions: 1.1.3.Final, 1.2.0.Final
> Reporter: Stefano Nichele
> Assignee: Jean-Frederic Clere
> Fix For: 1.2.1.Beta2
>
>
> Looking at the code of remove_session_route (and trying it) i saw that URLs lke this one
> /test.jsp;jsessionid=1233454532432342.NODE01
> /test.jsp;jsessionid=1233454532432342.NODE01?p1=v1&p2=v2
> /test.jsp;jsessionid=1233454532432342.NODE01;otherparam=value
> are not correctly parsed and the session id is not removed.
> To note that it seems the code handles jsessionid as url parameter and not as URL "path parameter" (see for isntance http://doriantaylor.com/policy/http-url-path-parameter-syntax).
> This is for instance a piece of tomcat code that does something like what remove_session_route should do (at least in the URL part):
> /**
> * Strips a servlet session ID from <tt>url</tt>. The session ID
> * is encoded as a URL "path parameter" beginning with "jsessionid=".
> * We thus remove anything we find between ";jsessionid=" (inclusive)
> * and either EOS or a subsequent ';' (exclusive).
> *
> * taken from org.apache.taglibs.standard.tag.common.core.ImportSupport
> */
> public static String stripSession(String url) {
> StringBuffer u = new StringBuffer(url);
> int sessionStart;
> while ((sessionStart = u.toString().indexOf(";jsessionid=")) != -1) {
> int sessionEnd = u.toString().indexOf(";", sessionStart + 1);
> if (sessionEnd == -1)
> sessionEnd = u.toString().indexOf("?", sessionStart + 1);
> if (sessionEnd == -1) // still
> sessionEnd = u.length();
> u.delete(sessionStart, sessionEnd);
> }
> return u.toString();
> }
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the mod_cluster-issues
mailing list