[ 
https://issues.apache.org/jira/browse/OFBIZ-1690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15004201#comment-15004201
 ] 

Jacques Le Roux edited comment on OFBIZ-1690 at 11/13/15 4:21 PM:
------------------------------------------------------------------

It's always interesting to review old issues. Actually we are now (since 
[r1655803|http://svn.apache.org/viewvc?view=revision&revision=1655803] for 
OFBIZ-5312) in the reverse situation. By default we don't use jsessionId with 
<@ofbizUrl>. It now depends on the <jsessionid> parameter in Seo Config 
(SeoConfig.xml), because <@ofbizUrl> is associated with UrlRegexpTransform.

It's a good thing, because using [a session 
id|https://en.wikipedia.org/wiki/Session_ID] to identify and follow a session 
is now a deprecated technique [(notably for security reasons, see the OWASP link 
in this Stack Overflow question for 
details)|https://stackoverflow.com/questions/4722151/what-is-the-vulnerability-of-having-jsessionid-on-first-request-only]
and everybody uses cookies (try to work a complete day with cookies disabled 
for an experience ;)).

So I close this issue as not a problem.




was (Author: jacques.le.roux):
It's always interesting to review all issues. Actually we are now (since 
[r1655803|http://svn.apache.org/viewvc?view=revision&revision=1655803] for 
OFBIZ-5312) in the reverse situation. By default we don't use jsessionId with 
<@ofbizUrl>. It now depends on the <jsessionid> parameter in Seo Config 
(SeoConfig.xml), because <@ofbizUrl> is associated with UrlRegexpTransform.

It's a good thing, because using [a session 
id|https://en.wikipedia.org/wiki/Session_ID] to identify and follow a session 
is now a deprecated technique [(notably for security reasons, see the OWASP link 
in this Stack Overflow question for 
details)|https://stackoverflow.com/questions/4722151/what-is-the-vulnerability-of-having-jsessionid-on-first-request-only]
and everybody uses cookies (try to work a complete day with cookies disabled 
for an experience ;)).

So I close this issue as not a problem.



> Set widget default url encode value to true
> -------------------------------------------
>
>                 Key: OFBIZ-1690
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1690
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Release 4.0, Trunk
>            Reporter: Bilgin Ibryam
>            Assignee: Jacques Le Roux
>            Priority: Minor
>         Attachments: encode.patch, encode.patch
>
>
> The bug is explained here: http://markmail.org/message/qoxevijc45yhaixo
> Can someone with framework access commit it please.
> Thanks,
> Bilgin


