This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new fd82e6cc7c Encode redirect URL used by the rewrite valve with session
id
fd82e6cc7c is described below
commit fd82e6cc7c4008dac9fd12ac3445f1c090142183
Author: remm <[email protected]>
AuthorDate: Tue Jun 3 13:53:01 2025 +0200
Encode redirect URL used by the rewrite valve with session id
Handle different cross context session configuration.
BZ69699
---
java/org/apache/catalina/connector/Request.java | 2 +-
java/org/apache/catalina/valves/rewrite/RewriteValve.java | 7 +++++--
webapps/docs/changelog.xml | 5 +++++
3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java
b/java/org/apache/catalina/connector/Request.java
index 087e5bc749..9973996014 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -517,7 +517,7 @@ public class Request implements HttpServletRequest {
}
- protected void recycleSessionInfo() {
+ public void recycleSessionInfo() {
if (session != null) {
try {
session.endAccess();
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteValve.java
b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
index 347e2d04f9..980dde353c 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteValve.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
@@ -461,11 +461,13 @@ public class RewriteValve extends ValveBase {
if (context && urlStringEncoded.charAt(0) == '/' &&
!UriUtil.hasScheme(urlStringEncoded)) {
urlStringEncoded.insert(0,
request.getContext().getEncodedPath());
}
+ String redirectPath;
if (rule.isNoescape()) {
-
response.sendRedirect(UDecoder.URLDecode(urlStringEncoded.toString(),
uriCharset));
+ redirectPath =
UDecoder.URLDecode(urlStringEncoded.toString(), uriCharset);
} else {
- response.sendRedirect(urlStringEncoded.toString());
+ redirectPath = urlStringEncoded.toString();
}
+
response.sendRedirect(response.encodeRedirectURL(redirectPath));
response.setStatus(rule.getRedirectCode());
done = true;
break;
@@ -577,6 +579,7 @@ public class RewriteValve extends ValveBase {
chunk.append(host.toString());
}
request.getMappingData().recycle();
+ request.recycleSessionInfo();
// Reinvoke the whole request recursively
Connector connector = request.getConnector();
try {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index be31ca4155..9666aa852c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -184,6 +184,11 @@
in a single URL segment. Based on pull request <pr>860</pr> by Chenjp.
(markt)
</fix>
+ <fix>
+ <bug>69699</bug>: Encode redirect URL used by the rewrite valve with
+ the session id if appropriate, and handle cross context with different
+ session configuration when using rewrite. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
