This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 8621e4c6ba Encode redirect URL used by the rewrite valve with session
id
8621e4c6ba is described below
commit 8621e4c6ba2c916a41eb34cb0f781171ead33fb6
Author: remm <[email protected]>
AuthorDate: Tue Jun 3 13:53:01 2025 +0200
Encode redirect URL used by the rewrite valve with session id
Handle different cross context session configuration.
BZ69699
---
java/org/apache/catalina/connector/Request.java | 2 +-
java/org/apache/catalina/valves/rewrite/RewriteValve.java | 7 +++++--
webapps/docs/changelog.xml | 5 +++++
3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java
b/java/org/apache/catalina/connector/Request.java
index c3afae0eeb..94d518d341 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -517,7 +517,7 @@ public class Request implements HttpServletRequest {
}
- protected void recycleSessionInfo() {
+ public void recycleSessionInfo() {
if (session != null) {
try {
session.endAccess();
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteValve.java
b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
index 8c4375c18c..2c79aefc2f 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteValve.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteValve.java
@@ -462,11 +462,13 @@ public class RewriteValve extends ValveBase {
if (context && urlStringEncoded.charAt(0) == '/' &&
!UriUtil.hasScheme(urlStringEncoded)) {
urlStringEncoded.insert(0,
request.getContext().getEncodedPath());
}
+ String redirectPath;
if (rule.isNoescape()) {
-
response.sendRedirect(UDecoder.URLDecode(urlStringEncoded.toString(),
uriCharset));
+ redirectPath =
UDecoder.URLDecode(urlStringEncoded.toString(), uriCharset);
} else {
- response.sendRedirect(urlStringEncoded.toString());
+ redirectPath = urlStringEncoded.toString();
}
+
response.sendRedirect(response.encodeRedirectURL(redirectPath));
response.setStatus(rule.getRedirectCode());
done = true;
break;
@@ -578,6 +580,7 @@ public class RewriteValve extends ValveBase {
chunk.append(host.toString());
}
request.getMappingData().recycle();
+ request.recycleSessionInfo();
// Reinvoke the whole request recursively
Connector connector = request.getConnector();
try {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 76cfd6117e..fa97e4bb77 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -121,6 +121,11 @@
the new <code>ParameterLimitValve</code>. The valve allows configurable
URL-specific limits on the number of parameters. (dsoumis)
</add>
+ <fix>
+ <bug>69699</bug>: Encode redirect URL used by the rewrite valve with
+ the session id if appropriate, and handle cross context with different
+ session configuration when using rewrite. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
