-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/02/2012 20:35, Christopher Schultz wrote: > All, > > There was a change in 6.0.33 (and it has always been the case in > 7.0.x?) that HttpServletRequest.getRequestURI now returns path > parameters as part of the URI. That notably includes the > URL-encoded jsessionid that Tomcat uses when the availability of > cookies on the client is set to be determined. > > I have a Filter that checks to see if the user is accessing a > particular set of predefined pages and redirects them if they > don't hit any of them. > > Needless to say, without any changes to my code, anyone who hits > this filter who either has cookies disabled or is in the middle of > an authentication ritual that redirects to the original page is > going to have a problem. > > Is it safe to simply remove everything after the initial ";" if > I'm not interested in any path parameters? I don't want to just > trim-off that kind of thing blindly if there are any gotchas that I > should be aware of. > > Can anyone think of a reason I can't just do that?
Yes. Path parameters can occur at any part of the path. Mark -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPMt0XAAoJEBDAHFovYFnnqwwP/0rOF5jJeEXWT3CToOgah8hq gSmRy8fnUbOPIwJlc66Y4M8zv8dRmu2XmY5zfNL+G8QshzV3Bxwg5hK1PssHjMcF eeyYuafVO7N2GgkqiC/9wnuhjSdijCWCWDNT8PMcAJh64vj+NEJ8Qq3EGwv4rbyq GT6oXevwayzskYMm+F/QdUBj/APDMiMfwGd0GzcdcRbaW5s5zVtHHofqAJ3u2txQ iCobCSMlf8/Vqm3CBCHJSUvQDLC7V0B4Imd4J77bg3Cmh+buIBFzKJeZHQdKSIui dUgouT7IHYtSChkxcf3yBuIkZQYJk4i/qHIrGmWslU1c5G3I1O/3lJuucXDsj/3V ZWTx4dvedywk3RjtJBEb21Q3q+buWx66+4mqpuHKW2TJlsh0S/hjC4k+Yiw71Xa+ qHWdodS5WCvsaJConMUdlTk+MHYQAXf3iqygYNm3PwrGmgLO2zFpnqdF3mQNIbwR ZhgtxRpkIXZvmeq2jykZzLk9rDIoXp3bhd7/NO5lYzgc2CLZNp5atfmT6WbPUiWc YmF2jqhpTkK4L32Y0989XMcNhUg5Lil/YoAPjuOcNhPB0ax47LgSOJiV7Et+0TjK iSJsAlhBFJhI/whWCo6LHZ2al5wOOolFJD+H/x7F4vmr7UfvxnSOhg67o1pcxrb8 cFVd0+BfBkE8hcmOOjs5 =d1RU -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
