Thanks, I appreciate the info. As you said just a test. I purged cookies on
both ends and disabled cookies on the browser and the server. I have a
session filter which ensures a session is created:
HttpSession session=((HttpServletRequest)request).getSession(true);
if (session.isNew())
{
chain.doFilter(request,response);
System.out.println( "a new session");
}
else
{
chain.doFilter(request,response);
}
The new session println() is called every time(even with the hack). which
says to me that tc is ignoring the url encoded sessionid. I've tried every
variation I can think of can someone point me in the direction of the
tomcats source 8(
Christopher Schultz-2 wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Michael,
>
> Michael Dehmlow wrote:
>> '<%=response.encodeURL("test/") %>'
>
> This should work.
>
>> '<%="test;jsessionid="+request.getSession().getId() %>'
>
> Don't do this; find out what the problem is and fix that. I realize this
> is only a test, but it's good to debug it before you replicate a hack
> everywhere.
>
>> <?xml version="1.0" encoding="UTF-8" ?>
>> <Context cookies="false"></Context>
>>
>> While the session is not stored in a cookie
>
> Have you verified that no cookie exchange is occurring? If you have a
> cookie left over from a previous run-through, Tomcat might be using that
> for session identification and therefore leaving the ";jsessionid=..."
> off of encoded URLs. I wouldn't be surprised if the TC code is very
> tolerant of this kind of abuse, rather than simply saying "okay, cookies
> are disabled; we'll completely ignore them".
>
>> it appears that tomcat is not
>> finding the session i specify. which I think has something to do with the
>> fact that encodeURL does not work.
>
> If your session does not exist, then encodeURL isn't going to change
> anything. Make sure that the session exists; I'm guessing that the JSP
> page directive session="true" ensures that?
>
> Try purging your cookies for the test site and see if that fixes anything.
>
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFG5ax69CaO5/Lv0PARAvfLAJ4i5SqR4k4B3pXnPutXWI8XG00RkQCfacbx
> VOq1VVtIZP4/jTxztVwPtzU=
> =CYVf
> -----END PGP SIGNATURE-----
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
--
View this message in context:
http://www.nabble.com/Force-URL-encoding-tf4415223.html#a12616711
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
