DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17740>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17740 HttpResponseBase.encodeURL(String url) automatically creates session Summary: HttpResponseBase.encodeURL(String url) automatically creates session Product: Tomcat 4 Version: 4.1.18 Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Other Component: Catalina AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] I'm trying to write an application that works whether a session is present or not. I want to handle the case when the target browser doen't support cookies, so I am using "response.encodeURL(String url)". But, I have discovered that this statement creates a session if one is not already present. In my opinion, this is not how this method should work. I've traced this probem to line 1033 of HttpResponseBase.java which reads: "return (toEncoded(url, hreq.getSession().getId()));" I think this line should be changed to: "return (toEncoded(url, hreq.getRequestedSessionId()));" The method "hreq.getRequestedSessionId()" will return null if a session doesn't exist, and the method "toEncoded(String url, String sessionId)" (line 736 of HttpResponseBase.java) will work correctly if it is passed a null session ID. This same problem exists in the method "encodeRedirectURL(String url)" (line 1000 of HttpResponseBase.java) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]