Hi there,
the problem described, looks exactly like the one Gordon Maclean addressed the
first time. I also ran into it and sent out the mail I attached below, which
proposes a bugfix with the request to incorporate it as soon as possible.
Gordon's previous mail describes the problem very very good and he also proposed
a bugfix, which is essentially the same as mine (I didn't know he already did).
Unfortunately both requests were silently ignored. Probably due to the fact that
the active developers did not run into the problem, maybe because they are using
some other configuration. The problem only seems to show up, when using Apache
together with mod_jk and Tomcat 3.2.1 and when using Netscape 4.7x.
The fix really isn't a big deal. And obviously quite a few people are running
into it. The issue at hand really seems to be a bug, because it comes in due to
the fact that in some places the port number :80 is suppressed and in some it is
not.
Here it is (BaseTag.java):
> public int doStartTag() throws JspException {
> HttpServletRequest request = (HttpServletRequest)pageContext.getRequest();
> StringBuffer buf = new StringBuffer("<base href=\"");
> buf.append(request.getScheme());
> buf.append("://");
> buf.append(request.getServerName());
> if ("http".equals(request.getScheme()) &&
> (80 == request.getServerPort())) {
> ;
> } else if ("https".equals(request.getScheme()) &&
> (443 == request.getServerPort())) {
> ;
> } else {
> buf.append(":");
> buf.append(request.getServerPort());
> }
> buf.append(request.getRequestURI());
> buf.append("\">");
> JspWriter out = pageContext.getOut();
> try {
> out.write(buf.toString());
> }
> catch (IOException e) {
> pageContext.setAttribute(Action.EXCEPTION_KEY, e,
> PageContext.REQUEST_SCOPE);
> throw new JspException(messages.getMessage("common.io", e.toString()));
> }
> return EVAL_BODY_INCLUDE;
> }
In RequestUtils.java it is not:
> public static String absoluteURL(HttpServletRequest request, String path) {
>
> try {
> URL url = new URL(request.getScheme(),
> request.getServerName(),
> request.getServerPort(),
> request.getContextPath() + path);
> return (url.toString());
> } catch (MalformedURLException e) {
> return (null);
> }
So I would like to request the minor code modification again before Struts 1.0
is finally released. I did it in my setup and everything worked fine from then
on. So why hesitate? I think the configuration in which it shows up, is quite
common. Obviously quite some people will be running into it.
Thanks,
--- Matthias
Matthias Bauer +++ [EMAIL PROTECTED] +++ LivingLogic AG +++ www.livinglogic.de
> To all active developers.
>
> I would like to see a minor change (bugfix) in struts, which fixes the problem
> outlined in a previous mail from Gordon Maclean, subjected "netscape 4.7x,
> session ids and struts". I attached it to the end of this mail because it
> describes the problem very good.
>
> I ran into the same problem this morning and finally found a workaround. I would
> like to see this change in struts before it is released as official version 1.0.
> It simply prevents the function RequestUtil.absoluteURL() from including the
> port number into the URL, when the port number is equal to 80.
>
> Unfortunately I do not have a (and don't want to open one now) Bugzilla account.
> Nevertheless I would like to ask an active developer to implement this change. I
> am quite sure, that considerably many developers have already stumbled over this
> problem outlined int Gordon's mail.
>
> Here is the little change in the code (RequestUtils.java):
>
> Former code:
>
> > public static String absoluteURL(HttpServletRequest request, String path) {
> >
> > try {
> > URL url = new URL(request.getScheme(),
> > request.getServerName(),
> > request.getServerPort(),
> > request.getContextPath() + path);
> > return (url.toString());
> > } catch (MalformedURLException e) {
> > return (null);
> > }
> >
> > }
>
> New code:
>
> > public static String absoluteURL(HttpServletRequest request, String path) {
> >
> > try {
> > int port = request.getServerPort();
> > URL url;
> > if (80 == port)
> > {
> > url = new URL(request.getScheme(),
> > request.getServerName(),
> > request.getContextPath() +
>path);
> > }
> > else
> > {
> > url = new URL(request.getScheme(),
> > request.getServerName(),
> > port,
> > request.getContextPath() +
>path);
> > }
> > return (url.toString());
> > } catch (MalformedURLException e) {
> > return (null);
> > }
> >
> > }
>
> Thanks,
>
> --- Matthias
>
>
>
> Matthias Bauer +++ [EMAIL PROTECTED] +++ LivingLogic AG +++ www.livinglogic.de
>
>
>
> Gordon's Previous Mail with the bug description:
> ================================================
>
> > Using netscape 4.7x on either solaris, linux or windows, the
> > struts-example fails, because I am bounced between two different
> > sessions.
> >
> > The symptom indicates to me that netscape keeps separate lists
> > of cookies for the following URLs:
> >
> > http://myhost
> > http://myhost:80
> >
> > As one goes through the struts example, the URL is
> > sometimes displayed as myhost, and sometimes as myhost:80,
> > and I am never allowed past the login because the user
> > information is kept in a session associated with myhost,
> > and can't be found in a session associated with myhost:80.
> >
> > Environment: struts nightly download as of Feb 12, 2001.
> > Tomcat 3.2.1, mod_jk, apache 1.3.12 on RH7.
> >
> > I have all cookies enabled in netscape preferences, with
> > "Warn before accepting a cookie" also turned on for debugging.
> >
> > 1. When I try the struts-example with the following URL:
> >
> > http://myhost/struts-example
> >
> > Netscape asks if I want to send the cookie JSESSIONID=f78s0eymd1,
> > and I click OK.
> >
> > 2. I select the "Log on ..." link. Then the logon form is displayed at
> > a
> > URL of
> > http://myhost:80/struts-example/logon.jsp;jsessionid=f78s0eymd1
> >
> > Note the cookie in the URL because struts doesn't yet know if my browser
> > accepts cookies. Also note the port number 80 in the URL.
> >
> > 3. I enter user:pass and Submit.
> >
> > LogonAction logs the following message:
> >
> > 2001-02-15 01:59:47 - path="/struts-example" :action: LogonAction:
> > User 'user' logged on in session f78s0eymd1
> >
> >
> > The mainMenu.jsp page is displayed, with a URL:
> >
> > http://myhost/struts-example/logon.do;jsessionid=f78s0eymd1
> >
> > (note no port number is in the URL)
> >
> > 4. Then, when I select "Edit your" the netscape question box pops up
> > asking if I want to send a cookie JSESSIONID=ynsmafyqr1.
> > The URL is shown as
> > http://myhost:80/struts-example/editRegistration.do?action=Edit
> >
> > This shouldn't happen, it should use the first session id!
> >
> > 5. When I click on OK, then, EditRegistrationAction logs the following
> > error:
> >
> > 2001-02-15 02:00:55 - path="/struts-example" :action: User is not
> > logged on in session ynsmafyqr1
> >
> >
> > The logon.jsp form is again displayed. If I enter user:pass, then
> > LogonAction reports a successfull login in session f78s0eymd1
> > (the first session id again!)
> >
> > When I select "Edit ..." I get the same error from
> > EditRegistrationAction about "User is not logged on in session
> > ynsmafyqr1".
> > And so on, ad-infinitum.
> >
> > If I disable cookies in netscape preferences, then things
> > work with URL rewriting, and EditRegistrationAction forwards me to
> > registration.jsp.
> >
> > The problem also does not show up with IE 5.
> >
> > Also, at step 4, if I manually enter a URL of:
> > http://myhost/struts-example/editRegistration.do?action=Edit
> > then EditRegistrationAction succeeds and forwards to registration.jsp.
> >
> >
> > If I am right about netscape keeping separate cookie lists, then perhaps
> > a workaround is for struts (specifically the html taglib) not to add
> > the port number when generating URLs?
> >
> > I haven't tested this solution.
> >
> > Someone must have run into it also?
> >
> > Gordon Maclean
> >
> > --
> > *****************************************************
> > Gordon Maclean, Software Engineer, 303 497-8794
> > Nat'l Center for Atmospheric Research, Boulder CO USA
> > *****************************************************
