I was investigating bug #484 in Bugzilla:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=484
I was not able to recreate this bug as reported.
I am using Tomcat 3.2.1 Final, where the bug was reported using Tomcat
3.2.1 Nightly on Jan 21, 2001. This may be the cause.
I tested all of the cases mentioned, and added one more URL string to
test:
4. "rtx/LoginFailed.html"
I tested using SSL on both ports 443 and 445, with ajp12 and with
ajp13.
The main thing I learned is that you should never call
response.sendRedirect() from a secure webapp without using ajp13, since
it redirects to the URL but changes "https://" to "http://" and the
desired redirect will not happen because the webserver is only allowing
SSL connections. This is not a bug (since ajp13 works) but I bet a lot
of people will make this mistake with their webapps.
I am interpreting the documentation for response.sendRedirect()
differently from the bug reporter; it does not specifically state that
the path cannot extend outside the servlet context. Therefore, when
scenarios a2 and a3 happen, the failure is warranted.
I've attached a tarball of the webapp I used to test, which contains
JSP pages to test all the permutations. I would like for at least one
more person to verify this. In short, I think this is an ex-bug.
Thanks,
Steve
484.tar.gz
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
