DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=27802>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=27802 EncodeURLTransformer encodes off site links [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID ------- Additional Comments From [EMAIL PROTECTED] 2004-03-26 19:33 ------- ok, now I actually tried it. with jetty, you are right, it incorrectly encodes the url, but tomcat works as expected; no session id for off-site links. so in the end it's a jetty bug. I find the 'behavioural change' implemented by your patch rather aggressive and it makes the transformer hard to use and almost worthless. it's the container's responsibility to determine if the specified URL could be part of one of the container's sessions, i.e. whether it's processed by the same webapp/servlet context. and now to something (not really ;-) completely differrent; EUT's checkForEncoding() could be improved by checking whether the requested session id is valid. the other thing is o.a.c.e.h.HttpResponse trying to be smart on url encoding but being pretty dumb (doing url.indexOf(";jsessionid=") != -1 checking). the container would do something similar so this is just (buggy) duplication.
