On 09/05/2011 13:58, Konstantin Kolinko wrote: > I have seen applications where /webappname is not redirected to > /webappname/ but is served as is. IIRC, that happens when there is no > welcome file. > > If I understand correctly, this change will break them. Maybe make it > conditional?
The mapper redirects /test to /test/ unless there is an exact match or a prefix match (which won't happen for /test) so there should always be a redirect to /test/ I can't see a route for a request to /test getting to passed to a web application. I'll do some more testing but I think this change is safe. > For reference, discussion on users@ > [1] http://markmail.org/message/wsmv4jecrwggpzaj Yep, that is what triggered this. I did do some testing and while Firefox does what you'd want it to, IE sends a cookie with a path of /test with a request for /testfoo. Mark > > > 2011/5/9 <ma...@apache.org>: >> Author: markt >> Date: Mon May 9 12:45:55 2011 >> New Revision: 1100992 >> >> URL: http://svn.apache.org/viewvc?rev=1100992&view=rev >> Log: >> Ensure session cookie paths end in / so that session cookies created for a >> context with a path of /foo do not get returned with requests mapped to a >> context with a path of >> /foobar >> >> Modified: >> >> tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java >> tomcat/trunk/webapps/docs/changelog.xml >> >> Modified: >> tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java >> URL: >> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java?rev=1100992&r1=1100991&r2=1100992&view=diff >> ============================================================================== >> --- >> tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java >> (original) >> +++ >> tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java >> Mon May 9 12:45:55 2011 >> @@ -158,8 +158,10 @@ public class ApplicationSessionCookieCon >> } >> // Handle special case of ROOT context where cookies require a path >> of >> // '/' but the servlet spec uses an empty string >> - if (contextPath.length() == 0) { >> - contextPath = "/"; >> + // Also ensure the cookies for a context with a path of /foo don't >> get >> + // sent for requests with a path of /foobar >> + if (!contextPath.endsWith("/")) { >> + contextPath = contextPath + "/"; >> } >> cookie.setPath(contextPath); >> >> >> Modified: tomcat/trunk/webapps/docs/changelog.xml >> URL: >> http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1100992&r1=1100991&r2=1100992&view=diff >> ============================================================================== >> --- tomcat/trunk/webapps/docs/changelog.xml (original) >> +++ tomcat/trunk/webapps/docs/changelog.xml Mon May 9 12:45:55 2011 >> @@ -71,6 +71,12 @@ >> ServletRequest#getServerPort() and ServletRequest#getLocalPort() when >> Tomcat is behind a reverse proxy. (markt) >> </add> >> + <fix> >> + Ensure session cookie paths end in <code>/</code> so that session >> + cookies created for a context with a path of <code>/foo</code> do >> not >> + get returned with requests mapped to a context with a path of >> + <code>/foobar</code>. (markt) >> + </fix> >> </changelog> >> </subsection> >> </section> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> >> > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
