On 19/11/2025 13:11, Christopher Schultz wrote:
<snip/>
I'm curious about the expectations, here. If a URL ends up being passed-
through HttpServletResponse.encodeURL() more than once, is that an
application bug or should the container take steps to avoid adding the
same information to the URL multiple times?
I don't recall reading any specific language about that in the Servlet
specification.
It only appears in the TCK in the signature tests.
All there really is is the Javadoc.
I think a reasonable reading of the current Javadoc is that multiple
calls are OK and the container should take steps to avoid duplicating
information. Specifically:
"Encodes the specified URL by including the session ID in it, or, if
encoding is not needed, returns the URL unchanged."
While the examples listed shortly afterwards don't include "already
encoded" in the "logic to determine where the session ID needs to be
encoded in the URL" the examples don't exclude it. And the earlier
language implies it.
You could ask (what was) the Servlet EG for an opinion.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
