Author: markt Date: Thu Jan 16 14:59:02 2014 New Revision: 1558822 URL: http://svn.apache.org/r1558822 Log: Ensure that sessions IDs are not parsed from URLs for Contexts where disableURLRewriting is true
Modified: tomcat/tc6.0.x/trunk/STATUS.txt tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1558822&r1=1558821&r2=1558822&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Jan 16 14:59:02 2014 @@ -66,12 +66,6 @@ PATCHES PROPOSED TO BACKPORT: +1: markt, mturk, funkman, remm -1: -* Ensure that sessions IDs are not parsed from URLs for Contexts where - disableURLRewriting is true. - http://people.apache.org/~markt/patches/2014-01-14-disableURLRewriting-tc6-v1.patch - +1: markt,funkman, remm - -1: - PATCHES/ISSUES THAT ARE STALLED: Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=1558822&r1=1558821&r2=1558822&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java (original) +++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java Thu Jan 16 14:59:02 2014 @@ -508,12 +508,6 @@ public class CoyoteAdapter implements Ad return false; } - // Had to do this after the context was set. - // Unfortunately parseSessionId is still necessary as it - // affects the final URL. Safe as session cookies still - // haven't been parsed. - if (isURLRewritingDisabled(request)) - clearRequestedSessionURL(request); request.setWrapper((Wrapper) request.getMappingData().wrapper); // Filter trace method @@ -546,7 +540,7 @@ public class CoyoteAdapter implements Ad // Parse session Id String sessionID = request.getPathParameter(Globals.SESSION_PARAMETER_NAME); - if (sessionID != null) { + if (sessionID != null && !isURLRewritingDisabled(request)) { request.setRequestedSessionId(sessionID); request.setRequestedSessionURL(true); } Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1558822&r1=1558821&r2=1558822&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Jan 16 14:59:02 2014 @@ -95,6 +95,10 @@ <code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to <code>true</code>. (markt) </fix> + <fix> + Ensure that sessions IDs are not parsed from URLs for Contexts where + <code>disableURLRewriting</code> is <code>true</code>. (markt) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org