Author: markt Date: Fri Dec 20 09:41:18 2013 New Revision: 1552563 URL: http://svn.apache.org/r1552563 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55266 Parse session ID before redirect as session ID may need to be encoded
Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1552563&r1=1552562&r2=1552563&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Fri Dec 20 09:41:18 2013 @@ -40,12 +40,6 @@ PATCHES PROPOSED TO BACKPORT: +1: markt, schultz -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55266 - https://issues.apache.org/bugzilla/attachment.cgi?id=30608&action=diff - Parse session ID before redirect as session ID may need to be encoded - +1: markt, schultz, kkolinko - -1: - * Fix issue with Manager app and other apps that use i18n in the UI when a request that specifies an Accept-Language of English ahead of French, Spanish or Japanese. Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=1552563&r1=1552562&r2=1552563&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java Fri Dec 20 09:41:18 2013 @@ -543,6 +543,15 @@ public class CoyoteAdapter implements Ad return false; } + // Parse session Id + String sessionID = + request.getPathParameter(Globals.SESSION_PARAMETER_NAME); + if (sessionID != null) { + request.setRequestedSessionId(sessionID); + request.setRequestedSessionURL(true); + } + parseSessionCookiesId(req, request); + // Possible redirect MessageBytes redirectPathMB = request.getMappingData().redirectPath; if (!redirectPathMB.isNull()) { @@ -564,15 +573,6 @@ public class CoyoteAdapter implements Ad return false; } - // Parse session Id - String sessionID = - request.getPathParameter(Globals.SESSION_PARAMETER_NAME); - if (sessionID != null) { - request.setRequestedSessionId(sessionID); - request.setRequestedSessionURL(true); - } - parseSessionCookiesId(req, request); - return true; } Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1552563&r1=1552562&r2=1552563&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Fri Dec 20 09:41:18 2013 @@ -61,6 +61,11 @@ a prefix. (kkolinko) </fix> <fix> + <bug>55266</bug>: Ensure that the session ID is parsed from the request + before any redirect as the session ID may need to be encoded as part of + the redirect URL. (markt) + </fix> + <fix> <bug>55404</bug>: Log warnings about using security roles in web.xml as warnings. (markt) </fix> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org