Geronimo
  1. Geronimo
  2. GERONIMO-2192

Jetty can't handle encoded urls that contain a jsessionid

    Details

    • Type: Bug Bug
    • Status: Open
    • Priority: Critical Critical
    • Resolution: Unresolved
    • Affects Version/s: 1.1
    • Fix Version/s: None
    • Component/s: Jetty
    • Security Level: public (Regular issues)
    • Labels:
      None
    • Environment:

      Geronimo 1.1, Jetty version; Sun JDK 1.5_4, OpenSuSE 10.1, 712 MB RAM

      Description

      Hello,

      another testing here was to check if a webapp would still be usable when the user blocks any cookies from us. JEE typically uses a cookie named JSESSIONID (I think this is specified somewhere) to identify a user at a web request time. Now, if cookies are blocked, the developers are instructed to "encode" the urls using the HttpServletResponse.encode() method. Even the JSTL and c:url use this behaviour (fortunately ).

      Anyway, today, Jetty had some problems when cookies are blocked. The urls are encoded at request time, so, a url like

      /register.jspx

      becomes

      /register.jspx;jsessionid=<long hexadecimal value>

      Using Tomcat, everything works as expected (i.e. the user gets identified as long as he/she uses the session identifier). Jetty, on the other hand, drops the request with a HTTP 404 error telling that it can't find a file named "register.jspx;jsessionid=<long value>". This is, of course, right. However, it's not the expected behaviour.

      Seems that Jetty can't figure out that this request is encoded ...

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Unassigned
            Reporter:
            D. Strauss
          • Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:

              Development