Mark, On 1/7/26 12:18 PM, markt-asf (via GitHub) wrote:
markt-asf merged PR #923: URL: https://github.com/apache/tomcat/pull/923
Thanks for approving/merging this PR -- I was going to ask about it for the January releases.
It has a bit of code in it that seems very relevant for preventing double-encoding of jsessionids as well, which I raised recently as a question when calling HttpServletResponse.encodeURL/encoreRedirectURL. I'm talking about the code in the removeQueryParameters method. This method removes query parameters but could be adapted to remove path parameters. I'm not sure if attempting to use a single method for both operations makes any sense, since it will be called many times per request and therefore has some performance considerations.
-chris --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
