DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6600>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=6600 enodeURL adds 'jsession' when 'isRequestedSessionIdFromURL' returns false Summary: enodeURL adds 'jsession' when 'isRequestedSessionIdFromURL' returns false Product: Tomcat 4 Version: 4.0.2 Final Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] CC: [EMAIL PROTECTED] The Servlet 2.3 specification explicitly describes sessions based on the SSL session i.e. a session which is neither based on cookies nor on URL rewriting. When calling encodeURL() on the HttpServletResponse this should be taken into consideration. So the 'jsession' stuff should be added only if isRequestedSessionIdFromURL() returns true. -> fix in org.apache.catalina.connector.HttpResponseBase.isEncodeable(): replace: if (hreq.isRequestedSessionIdFromCookie()) return (false); with: if (!hreq.isRequestedSessionIdFromURL()) return (false); -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>