On 07/01/2026 18:13, Christopher Schultz wrote:
Mark,
On 1/7/26 12:18 PM, markt-asf (via GitHub) wrote:
markt-asf merged PR #923:
URL: https://github.com/apache/tomcat/pull/923
Thanks for approving/merging this PR -- I was going to ask about it for
the January releases.
It has a bit of code in it that seems very relevant for preventing
double-encoding of jsessionids as well, which I raised recently as a
question when calling HttpServletResponse.encodeURL/encoreRedirectURL.
I'm talking about the code in the removeQueryParameters method. This
method removes query parameters but could be adapted to remove path
parameters. I'm not sure if attempting to use a single method for both
operations makes any sense, since it will be called many times per
request and therefore has some performance considerations.
Probably worth writing a quick performance test to see if a shared
method makes sense or if separate, optimised methods are better.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
