RE: TC 3.3: getRequestURI()

Wed, 26 Sep 2001 10:12:37 -0700 

0x3b = ';'.  Ignacio is right, SessionID doesn't remove the id 
because it is not expecting ; to be encoded.  So now it shows
up in the URI and has the side effect of breaking sessions 
that depend on url rewriting.  But, the spec does say the URL
should be encoded, so I'd rather fix SessionID with this patch.

However, are there other places where TC is manipulating the
URL and assuming it is unencoded?

Keith


| -----Original Message-----
| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
| Behalf Of jean-frederic clere
| Sent: Wednesday, September 26, 2001 12:37 PM
| To: [EMAIL PROTECTED]
| Subject: Re: TC 3.3: getRequestURI()
| 
| 
| "Ignacio J. Ortega" wrote:
| > 
| > Probably will be the Session id interceptor that does not understand a
| > encoded jsessionid, not in the mod_jk..
| 
| I was thinking that ap_escape_uri was changing ? into %3b and causing the
| problem...
| 
| > 
| > Saludos ,
| > Ignacio J. Ortega

Index: src/share/org/apache/tomcat/modules/session/SessionId.java
===================================================================
RCS file: 
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SessionId.java,v
retrieving revision 1.14
diff -u -b -u -r1.14 SessionId.java
--- src/share/org/apache/tomcat/modules/session/SessionId.java  2001/09/01 00:53:43    
 1.14
+++ src/share/org/apache/tomcat/modules/session/SessionId.java  2001/09/26 17:31:22
@@ -123,15 +123,21 @@
        }
 
        // quick test: if no extra path, no url rewriting.
-       if( request.requestURI().indexOf( ';' ) < 0 )
+       if( request.requestURI().indexOf( ';' ) < 0 &&
+           request.requestURI().indexOf( "%3b" ) < 0)
            return 0;
        
        // In case URI rewriting is used, extract the uri and fix
        // the request.
-       String sig=";jsessionid=";
+       String decodedSig=";jsessionid=";
+        String encodedSig = "%3bjsessionid=";
+        String sig = decodedSig;
        int foundAt=-1;
        String sessionId;
        
+       if ((foundAt=request.requestURI().indexOf(sig))==-1){
+         sig = encodedSig;
+       }
        if ((foundAt=request.requestURI().indexOf(sig))!=-1){
            String uri=request.requestURI().toString();
            sessionId=uri.substring(foundAt+sig.length());
@@ -140,6 +146,10 @@
 
             // remove from unparsedURI too, if necessary
             if( !request.unparsedURI().isNull() ) {
+                sig = decodedSig;
+                if (request.unparsedURI().indexOf(sig)==-1) {
+                  sig = encodedSig;
+                }
                 foundAt = request.unparsedURI().indexOf(sig);
                 if (foundAt!=-1) {
                     uri=request.unparsedURI().toString();


Reply via email to