[
https://issues.apache.org/jira/browse/TRINIDAD-1233?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12632737#action_12632737
]
Scott O'Bryan commented on TRINIDAD-1233:
-----------------------------------------
This patch removes the jsessionid and everything after it. Graphical resources
may be retrieved from a servlet which uses query parameters. As such, I think
we need to JUST exclude the jsessionId path parameter.
According to the URI specification, URI's follow this generic format:
<SCHEME>:<AUTHORITY>/<PATH>?<QUERY>#<SEGMENT>
The jsessionId is actually part of the path segment. Within the path segment,
anything after the ";" is generally ignored for the purposes of name resolution
and can be application specific information like a jsessionId. I think what we
need to do to fix this bug is exclude only the content in the "path" after the
";". We do need to preserve the query and segment sections of the URI however.
> URLs in generated CSS might include ;jessionid=xxxx
> ---------------------------------------------------
>
> Key: TRINIDAD-1233
> URL: https://issues.apache.org/jira/browse/TRINIDAD-1233
> Project: MyFaces Trinidad
> Issue Type: Improvement
> Affects Versions: 1.2.9-core
> Environment: Trinidad 1.2.10-SNAPSHOT
> tomcat 6.0.14
> tomcat 5.5
> Reporter: Harald Kuhn
> Attachments: CSSUtils.java.patch
>
>
> Depending on the Servlet-Container URLs in the generated CSS-file may include
> the Session-Id (of the session that initiated the generation).
> i.e.
> background-image:url(/aim/css/skin/airplus/img/dialogclose.gif;jsessionid=8A002E216A7B2BF42735740787DBF102.tomcat)
> This part of the URL should be removed.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
