Thanks, I appreciate the info. As you said just a test. I purged cookies on both ends and disabled cookies on the browser and the server. I have a session filter which ensures a session is created: HttpSession session=((HttpServletRequest)request).getSession(true); if (session.isNew()) { chain.doFilter(request,response); System.out.println( "a new session"); } else { chain.doFilter(request,response); }
The new session println() is called every time(even with the hack). which says to me that tc is ignoring the url encoded sessionid. I've tried every variation I can think of can someone point me in the direction of the tomcats source 8( Christopher Schultz-2 wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Michael, > > Michael Dehmlow wrote: >> '<%=response.encodeURL("test/") %>' > > This should work. > >> '<%="test;jsessionid="+request.getSession().getId() %>' > > Don't do this; find out what the problem is and fix that. I realize this > is only a test, but it's good to debug it before you replicate a hack > everywhere. > >> <?xml version="1.0" encoding="UTF-8" ?> >> <Context cookies="false"></Context> >> >> While the session is not stored in a cookie > > Have you verified that no cookie exchange is occurring? If you have a > cookie left over from a previous run-through, Tomcat might be using that > for session identification and therefore leaving the ";jsessionid=..." > off of encoded URLs. I wouldn't be surprised if the TC code is very > tolerant of this kind of abuse, rather than simply saying "okay, cookies > are disabled; we'll completely ignore them". > >> it appears that tomcat is not >> finding the session i specify. which I think has something to do with the >> fact that encodeURL does not work. > > If your session does not exist, then encodeURL isn't going to change > anything. Make sure that the session exists; I'm guessing that the JSP > page directive session="true" ensures that? > > Try purging your cookies for the test site and see if that fixes anything. > > - -chris > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFG5ax69CaO5/Lv0PARAvfLAJ4i5SqR4k4B3pXnPutXWI8XG00RkQCfacbx > VOq1VVtIZP4/jTxztVwPtzU= > =CYVf > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Force-URL-encoding-tf4415223.html#a12616711 Sent from the Tomcat - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]