![]() |
|
|
|
|
Change By:
|
Tobias Mattsson
(14/Oct/13 1:45 PM)
|
|
Description:
|
In Magnolia we currently have issues handling path parameters such as JSESSIONID. Path parameters are part of the URL and are preceded by a semicolon. The semicolon is a reserved character in URLs.
After MAGNOLIA-3716
- VirtualUriFilter does not encode redirect Uri - CLOSED
we started seeing JSESSIONID appearing more often. We're now asking the servlet container to encode the redirect url before returning it, it will include the JSESSIONID if it thinks its needed.
Jetty has always included the JSESSIONID path parameter in the return from HttpServletRequest.getRequestURI(), as of version 6.0.33 Tomcat does too. See https://issues.apache.org/bugzilla/show_bug.cgi?id=51833 Arguably this is the correct behaviour. It is up to the web application to parse the returned uri and strip path parameters from it.
In Magnolia we need to make sure the JSESSIONID is stripped whenever we access the request object directly and ensure that it's stripped when populating the AggregationState / RenderingContext.
*Mime types are not set correctly*
In ContentTypeFilter we use the extension to lookup the correct mime type. However the extension we're looking for is jpg;JSESSIONID=123.
See http://demopublic.magnolia-cms.com/.imaging/stk/pop/stage/dam/demo-project/img/bk/Stage/lines-looking-like-sand/jcr:content/lines%20looking%20like%20sand.2012-02-17-12-18-07.jpg;JSESSIONID=123
This was reported in MAGNOLIA-3841 - Mime type resolution fails when running in jetty due to ;jsessionid being included in the path - OPEN
*
ServletDispatchingFilter fails to map requests
*
When the URI contains a JSESSIONID ServletDispatchingFilter does not match it to the servlet.
It uses the uri in AggregationState if a WebContext is present, otherwise it takes it from getRequestURI(). See Mapping.findMatcher().
See http://demoauthor.magnolia-cms.com/.magnolia/admincentral;jsessionid=EE3DB6042B1B57AD55C2633428F44496
This is the cause of MAGNOLIA-4911
- Sticky "jsessionid" URL parameter causes 404 right after login - CLOSED
.
It was however fixed by using the Servlet 3.0 feature tracking-mode=cookie, this needs to be reverted, see MAGNOLIA-5356
- Web.xml uses 2.5 and 3.0 features but specifies 2.4, does not start on JBoss AS - REOPENED
*
Page rendering fails with 404
*
When a JSESSIONID is present in the URI AggregatorFilter can't find the content because its looking for a node having it in its name.
Note that this only happens when not using an extension, this is because URI2RepositoryMapping#getHandle strips of the extension and with it the path parameters.
http://demopublic.magnolia-cms.com/demo-project;jsessionid=EE3DB6042B1B57AD55C2633428F44496
*Install filter does start Magnolia*
When there's a JSESSIONID present the InstallFilter does not recognize the start action in the URI and returns 500
See http://localhost:8080/.magnolia/installer/start;JSESSIONID=123
*ContextFilter puts JSESSIONID into MDC*
Needs to strip path parameters
*BasePatternVoter and subclasses fail to match*
When its subclasses URIPatternVoter and URIRegexVoter are used with HttpServletRequest they will not match if a JSESSIONID is present
*RequestAttributeStrategy returns uri with JSESSIONID*
When asked for the constant "requestURI" it will return it with the JSESSIONID
*RedirectClientCallback fails to check if at target*
If there's a JSESSIONID in the path the check to see if it's already at the target won't have effect.
*RangeSupportFilter includes JSESSIONID in ETag*
It needs to be stripped before extracting the file name from the request URI.
|
|
|
|
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
|
----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <dev-list-unsubscr...@magnolia-cms.com>
----------------------------------------------------------------
