DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17530>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17530 RequestUtils.computeURL should use the session associated with the request to control URL rewriting Summary: RequestUtils.computeURL should use the session associated with the request to control URL rewriting Product: Struts Version: Nightly Build Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: Utilities AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] The RequestUtils.computeURL method uses the existence of a session associated with the current page context to determine if URL rewriting should occur. Since it's possible for pageContext.getSession() to return null when ((HttpServletRequest)pageContext.getRequest()).getSession(false) returns a valid session, it seems like the method could fail to rewrite when it should. The situation can occur when a JSP page uses <%@ page session="false" %> but a valid session actually exists. I can't create a patch right now, bit I will later if it's not already addressed. Here's the current state: RequestUtils.computeURL / Revision: 1.90 / Line 550 // Perform URL rewriting to include our session ID (if any) if (pageContext.getSession() != null) { HttpServletResponse response = (HttpServletResponse) pageContext.getResponse(); if (redirect) { return (response.encodeRedirectURL(url.toString())); } else { return (response.encodeURL(url.toString())); } } else { return (url.toString()); } Proposed change: // Perform URL rewriting to include our session ID (if any) if (request.getSession(false) != null) { HttpServletResponse response = (HttpServletResponse) pageContext.getResponse(); if (redirect) { return (response.encodeRedirectURL(url.toString())); } else { return (response.encodeURL(url.toString())); } } else { return (url.toString()); } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
