[jira] [Commented] (ORCHESTRA-60) Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()

Tue, 20 Mar 2012 18:41:02 -0700 

    [ 
https://issues.apache.org/jira/browse/ORCHESTRA-60?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13234023#comment-13234023
 ] 

Leonardo Uribe commented on ORCHESTRA-60:
-----------------------------------------

I have checked this one and there is a problem with override 
RequestParameterResponseWrapper.encodeRedirectURL() . In few words, there is no 
warrant the same conversationContext should be used for a redirect. This is the 
javadoc:

"... Encodes the specified URL for use in the sendRedirect method or, if 
encoding is not needed, returns the URL unchanged. The implementation of this 
method includes the logic to determine whether the session ID needs to be 
encoded in the URL. Because the rules for making this determination can differ 
from those used to decide whether to encode a normal link, this method is 
separated from the encodeURL method.

All URLs sent to the HttpServletResponse.sendRedirect method should be run 
through this method. Otherwise, URL rewriting cannot be used with browsers 
which do not support cookies. ..."

What happen if the redirect url is not for the same app? conversationContext 
query param should not be added. Note encodeURL is used always for URL that are 
served for the webapp.

In PrettyFaces case, since it is a layer to generate "pretty" URLs, in my 
opinion it sounds better to use encodeURL.

Suggestions are welcome.
                
> Orchestra should implement RequestParameterResponseWrapper.encodeRedirectURL()
> ------------------------------------------------------------------------------
>
>                 Key: ORCHESTRA-60
>                 URL: https://issues.apache.org/jira/browse/ORCHESTRA-60
>             Project: MyFaces Orchestra
>          Issue Type: Bug
>          Components: Conversation
>    Affects Versions: 1.5
>            Reporter: Christian Kaltepoth
>
> Orchestra currently doesn't implement 
> RequestParameterResponseWrapper.encodeRedirectURL(). The API docs of 
> HttpServletResponse clearly state that encodeRedirectURL() should be called 
> before sending a redirect using sendRedirect(). Therefore the 
> conversationContext parameter is currently lost in these situations.
> Corresponding PrettyFaces issue:
> http://code.google.com/p/prettyfaces/issues/detail?id=125

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to