(tomcat) branch 11.0.x updated: Remove unnecessary check in addCookie() Add missing check in encodeURL()

Mon, 22 Jun 2026 08:55:33 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt-asf pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
     new a3cd1b6245 Remove unnecessary check in addCookie() Add missing check 
in encodeURL()
a3cd1b6245 is described below

commit a3cd1b6245ccbbba4fb533279fd2e0143fd2663b
Author: Mark Thomas <[email protected]>
AuthorDate: Mon Jun 22 16:55:04 2026 +0100

    Remove unnecessary check in addCookie() Add missing check in encodeURL()
---
 java/org/apache/catalina/connector/Response.java | 26 +++++++++++-------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/catalina/connector/Response.java 
b/java/org/apache/catalina/connector/Response.java
index 91b618c03d..22e30036d4 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -902,16 +902,13 @@ public class Response implements HttpServletResponse {
             return;
         }
 
+        // Note: This also ensures context is not null
         String header = generateCookieString(cookie);
         if (header == null) {
             return;
         }
-        Context context = getContext();
-        if (context == null) {
-            return;
-        }
         // if we reached here, no exception, cookie is valid
-        addHeader("Set-Cookie", header, 
context.getCookieProcessor().getCharset());
+        addHeader("Set-Cookie", header, 
getContext().getCookieProcessor().getCharset());
     }
 
     /**
@@ -1115,17 +1112,18 @@ public class Response implements HttpServletResponse {
         }
 
         if (isEncodeable(absolute)) {
-            // W3c spec clearly said
-            if (url.equalsIgnoreCase("")) {
-                url = absolute;
-            } else if (url.equals(absolute) && !hasPath(url)) {
-                url += '/';
+            Session session = request.getSessionInternal();
+            if (session != null) {
+                // W3c spec clearly said
+                if (url.equalsIgnoreCase("")) {
+                    url = absolute;
+                } else if (url.equals(absolute) && !hasPath(url)) {
+                    url += '/';
+                }
+                return toEncoded(url, session.getIdInternal());
             }
-            return toEncoded(url, 
request.getSessionInternal().getIdInternal());
-        } else {
-            return url;
         }
-
+        return url;
     }
 
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to