Hi all,
I sent this message out to the struts-user list on 02/22/01, but did not hear
any response since then. But as it hits a point which I would really like to see
changed, I am resending it to this list now hoping to get at least some feedback
which says why obviously nobody is interested in doing this little bugfix. I can
not imagine that nobody except me is running into this problem - well no: I know
from the struts-user list that obviously some other people had to fight this
strange behaviour.
So please give at least some feedback.
Thanks,
--- Matthias
Matthias Bauer wrote:
>
> To all active developers.
>
> I would like to see a minor change (bugfix) in struts, which fixes the problem
> outlined in a previous mail from Gordon Maclean, with the subject "netscape 4.7x,
> session ids and struts". I attached it to the end of this mail because it
> describes the problem very well.
>
> I ran into the same problem this morning and finally found a workaround. I would
> like to see this change in struts before it is released as official version 1.0.
> It simply prevents the function RequestUtils.absoluteURL() from including the
> port number in the URL when the port number is equal to 80.
>
> Unfortunately I do not have a (and don't want to open one now) Bugzilla account.
> Nevertheless I would like to ask an active developer to implement this change. I
> am quite sure that considerably many developers have already stumbled over this
> problem outlined in Gordon's mail.
>
> Here is the little change in the code (RequestUtils.java):
>
> Former code:
>
> > public static String absoluteURL(HttpServletRequest request, String path) {
> >
> >     try {
> >         URL url = new URL(request.getScheme(),
> >                           request.getServerName(),
> >                           request.getServerPort(),
> >                           request.getContextPath() + path);
> >         return (url.toString());
> >     } catch (MalformedURLException e) {
> >         return (null);
> >     }
> >
> > }
>
> New code:
>
> > public static String absoluteURL(HttpServletRequest request, String path) {
> >
> >     try {
> >         int port = request.getServerPort();
> >         URL url;
> >         if (80 == port)
> >         {
> >             url = new URL(request.getScheme(),
> >                           request.getServerName(),
> >                           request.getContextPath() + path);
> >         }
> >         else
> >         {
> >             url = new URL(request.getScheme(),
> >                           request.getServerName(),
> >                           port,
> >                           request.getContextPath() + path);
> >         }
> >         return (url.toString());
> >     } catch (MalformedURLException e) {
> >         return (null);
> >     }
> >
> > }
>
> Thanks,
>
> --- Matthias
>
> Matthias Bauer +++ [EMAIL PROTECTED] +++ LivingLogic AG +++ www.livinglogic.de
>
> Gordon's Previous Mail with the bug description:
> ================================================
>
> > Using netscape 4.7x on either solaris, linux or windows, the
> > struts-example fails, because I am bounced between two different
> > sessions.
> >
> > The symptom indicates to me that netscape keeps separate lists
> > of cookies for the following URLs:
> >
> > http://myhost
> > http://myhost:80
> >
> > As one goes through the struts example, the URL is
> > sometimes displayed as myhost, and sometimes as myhost:80,
> > and I am never allowed past the login because the user
> > information is kept in a session associated with myhost,
> > and can't be found in a session associated with myhost:80.
> >
> > Environment: struts nightly download as of Feb 12, 2001.
> > Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.
> >
> > I have all cookies enabled in netscape preferences, with
> > "Warn before accepting a cookie" also turned on for debugging.
> >
> > 1. When I try the struts-example with the following URL:
> >
> > http://myhost/struts-example
> >
> > Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1,
> > and I click OK.
> >
> > 2. I select the "Log on ..." link. Then the logon form is displayed at a
> > URL of
> > http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1
> >
> > Note the cookie in the URL because struts doesn't yet know if my browser
> > accepts cookies. Also note the port number 80 in the URL.
> >
> > 3. I enter user:pass and Submit.
> >
> > LogonAction logs the following message:
> >
> > 2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction:
> > User 'user' logged on in session f78s0eymd1
> >
> >
> > The mainMenu.jsp page is displayed, with a URL:
> >
> > http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1
> >
> > (note no port number is in the URL)
> >
> > 4. Then, when I select "Edit your" the netscape question box pops up
> > asking if I want to send a cookie JSESSIONID=ynsmafyqr1.
> > The URL is shown as
> > http://myhost:80/struts-example/editRegistration.do?action=Edit
> >
> > This shouldn't happen, it should use the first session id!
> >
> > 5. When I click on OK, then, EditRegistrationAction logs the following
> > error:
> >
> > 2001-02-15 02:00:55 - path="/struts-example" :action: User is not
> > logged on in session ynsmafyqr1
> >
> >
> > The logon.jsp form is again displayed. If I enter user:pass, then
> > LogonAction reports a successful login in session f78s0eymd1
> > (the first session id again!)
> >
> > When I select "Edit ..." I get the same error from
> > EditRegistrationAction about "User is not logged on in session
> > ynsmafyqr1".
> > And so on, ad-infinitum.
> >
> > If I disable cookies in netscape preferences, then things
> > work with URL rewriting, and EditRegistrationAction forwards me to
> > registration.jsp.
> >
> > The problem also does not show up with IE 5.
> >
> > Also, at step 4, if I manually enter a URL of:
> > http://myhost/struts-example/editRegistration.do?action=Edit
> > then EditRegistrationAction succeeds and forwards to registration.jsp.
> >
> >
> > If I am right about netscape keeping separate cookie lists, then perhaps
> > a workaround is for struts (specifically the html taglib) not to add
> > the port number when generating URLs?
> >
> > I haven't tested this solution.
> >
> > Someone must have run into it also?
> >
> > Gordon Maclean
> >
> > --
> > *****************************************************
> > Gordon Maclean, Software Engineer, 303 497-8794
> > Nat'l Center for Atmospheric Research, Boulder CO USA
> > *****************************************************
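
An added example (not part of the mails above and not Struts code): a standalone version of the port check that goes beyond the proposed fix by comparing the port against the scheme's own default, so that https on 443 is also emitted without a port and every generated link names the host the same way for the browser's cookie lookup. The class name, helper names and sample inputs are assumptions made for illustration; plain strings stand in for the HttpServletRequest getters.

```java
import java.net.MalformedURLException;
import java.net.URL;

public class AbsoluteUrlDemo {

    /** Default port for the schemes a servlet container serves, -1 if unknown. */
    static int defaultPort(String scheme) {
        if ("http".equalsIgnoreCase(scheme)) return 80;
        if ("https".equalsIgnoreCase(scheme)) return 443;
        return -1;
    }

    /**
     * Builds an absolute URL and leaves the port out when it is the default
     * for the scheme, so "myhost" and "myhost:80" never both appear in links.
     * Hypothetical helper: the arguments mirror getScheme(), getServerName(),
     * getServerPort() and getContextPath() of the request.
     */
    static String absoluteURL(String scheme, String host, int port,
                              String contextPath, String path) {
        try {
            // A port of -1 makes java.net.URL omit the port in its string form.
            int effectivePort = (port == defaultPort(scheme)) ? -1 : port;
            return new URL(scheme, host, effectivePort, contextPath + path).toString();
        } catch (MalformedURLException e) {
            return null;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: scheme, host, port as reported by the container.
        Object[][] cases = {
            {"http",  "myhost", 80},    // default port: omitted
            {"https", "myhost", 443},   // default port for https: omitted
            {"http",  "myhost", 8080},  // non-default port: kept
            {"https", "myhost", 80},    // 80 is not the https default: kept
        };
        for (Object[] c : cases) {
            System.out.println(absoluteURL((String) c[0], (String) c[1],
                    (Integer) c[2], "/struts-example", "/logon.jsp"));
        }
    }
}
```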