Author: markt
Date: Mon May 9 12:45:55 2011
New Revision: 1100992
URL: http://svn.apache.org/viewvc?rev=1100992&view=rev
Log:
Ensure session cookie paths end in / so that session cookies created for a
context with a path of /foo do not get returned with requests mapped to a
context with a path of /foobar
Modified:
tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
tomcat/trunk/webapps/docs/changelog.xml
Modified:
tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java?rev=1100992&r1=1100991&r2=1100992&view=diff
==============================================================================
---
tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
(original)
+++
tomcat/trunk/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java
Mon May 9 12:45:55 2011
@@ -158,8 +158,10 @@ public class ApplicationSessionCookieCon
}
// Handle special case of ROOT context where cookies require a path of
// '/' but the servlet spec uses an empty string
- if (contextPath.length() == 0) {
- contextPath = "/";
+ // Also ensure the cookies for a context with a path of /foo don't get
+ // sent for requests with a path of /foobar
+ if (!contextPath.endsWith("/")) {
+ contextPath = contextPath + "/";
}
cookie.setPath(contextPath);
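Review bot: The new check, if (!contextPath.endsWith("/")), turns the cookie path for a /foo context into /foo/, and a request for exactly /foo (no trailing slash) does not path-match /foo/, so the session cookie will not accompany that request. If the code relies on such requests being redirected to /foo/ before a session is needed, say so in the comment above the check. Otherwise a session could be created on /foo and appear lost on the next request. The commit also touches only this file and the changelog, so a unit test covering the ROOT context (empty string becomes /), /foo versus /foobar, and the bare /foo request would pin the intended behaviour.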
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1100992&r1=1100991&r2=1100992&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon May 9 12:45:55 2011
@@ -71,6 +71,12 @@
ServletRequest#getServerPort() and ServletRequest#getLocalPort() when
Tomcat is behind a reverse proxy. (markt)
</add>
+ <fix>
+ Ensure session cookie paths end in <code>/</code> so that session
+ cookies created for a context with a path of <code>/foo</code> do not
+ get returned with requests mapped to a context with a path of
+ <code>/foobar</code>. (markt)
+ </fix>
</changelog>
</subsection>
</section>
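Review bot: The added <fix> entry does not say that the new path applies only to cookies issued after the upgrade. Session cookies already set with a path of /foo stay in the browser until they expire and will still be returned to /foobar in the meantime. One more sentence in the entry noting this would tell administrators that the separation between the two contexts takes full effect only once existing sessions have ended.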