[ https://issues.apache.org/jira/browse/OFBIZ-1690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15004201#comment-15004201 ]
Jacques Le Roux edited comment on OFBIZ-1690 at 11/13/15 4:21 PM: ------------------------------------------------------------------ It's always interesting to review old issues. Actually we are now (since [r1655803|http://svn.apache.org/viewvc?view=revision&revision=1655803] for OFBIZ-5312) in the reverse situation. By default we don't use jsessionId with <@ofbizUrl>. It now depends on the <jsessionid> parameter in Seo Config (SeoConfig.xml), because <@ofbizUrl> is associated with UrlRegexpTransform It's a good thing. Because using [a session id|https://en.wikipedia.org/wiki/Session_ID] to identify and follow a session is now a deprecated technique [(notably for security reason, see the OWASP link in this stackoverflow question for details)|https://stackoverflow.com/questions/4722151/what-is-the-vulnerability-of-having-jsessionid-on-first-request-only] and everybody use cookies (try to work a complete day with cookies disabled for an experience ;)). So I close this issue as not a problem. was (Author: jacques.le.roux): It's always interesting to review all issues. Actually we are now (since [r1655803|http://svn.apache.org/viewvc?view=revision&revision=1655803] for OFBIZ-5312) in the reverse situation. By default we don't use jsessionId with <@ofbizUrl>. It now depends on the <jsessionid> parameter in Seo Config (SeoConfig.xml), because <@ofbizUrl> is associated with UrlRegexpTransform It's a good thing. Because using [a session id|https://en.wikipedia.org/wiki/Session_ID] to identify and follow a session is now a deprecated technique [(notably for security reason, see the OWASP link in this stackoverflow question for details)|https://stackoverflow.com/questions/4722151/what-is-the-vulnerability-of-having-jsessionid-on-first-request-only] and everybody use cookies (try to work a complete day with cookies disabled for an experience ;)). So I close this issue as not a problem. > Set widget default url encode value to true > ------------------------------------------- > > Key: OFBIZ-1690 > URL: https://issues.apache.org/jira/browse/OFBIZ-1690 > Project: OFBiz > Issue Type: Bug > Components: framework > Affects Versions: Release 4.0, Trunk > Reporter: Bilgin Ibryam > Assignee: Jacques Le Roux > Priority: Minor > Attachments: encode.patch, encode.patch > > > The bug is explained here: http://markmail.org/message/qoxevijc45yhaixo > Can someone with framework access commit it please. > Thanks, > Bilgin -- This message was sent by Atlassian JIRA (v6.3.4#6332)