https://issues.apache.org/bugzilla/show_bug.cgi?id=46158
Summary: SessionID missing when redirect to itself in load
balanced environment.
Product: Tomcat 5
Version: 5.5.20
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
Set-up:
HW load balancer
Standalone Tomcat's 5.5.20
No session replication
SessionID on URL (NOT as cookie)
1) Request to app (e.g www.acme.com/app) is sent through HW load balancer (e.g
lb.acme.com) to a host of web app (e.g. host1.acme.com/app).
2) Web app creates a session.
3) Web app creates a redirect URL (e.g. host1.acme.com/app/page2) to itself,
same host where the session exist, and ask Tomcat to encodeRedirectURL to
append sessionID on URL.
4) URL is missing the sessionID
Cause:
doIsEncodeable tests if "server name" of request (lb.acme.com or www.acme.com )
is equal to "host name" of URL to be encoded (host1.acme.com) and fails if
different (to prevent sending sessionID to other hosts?).
if (!hreq.getServerName().equalsIgnoreCase(url.getHost()))
return (false);
The test should be changed to not prevent redirect to it self with sessionIDs.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
