Author: markt
Date: Thu Jan 16 14:59:02 2014
New Revision: 1558822
URL: http://svn.apache.org/r1558822
Log:
Ensure that sessions IDs are not parsed from URLs for Contexts where
disableURLRewriting is true
Modified:
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1558822&r1=1558821&r2=1558822&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Jan 16 14:59:02 2014
@@ -66,12 +66,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: markt, mturk, funkman, remm
-1:
-* Ensure that sessions IDs are not parsed from URLs for Contexts where
- disableURLRewriting is true.
-
http://people.apache.org/~markt/patches/2014-01-14-disableURLRewriting-tc6-v1.patch
- +1: markt,funkman, remm
- -1:
-
PATCHES/ISSUES THAT ARE STALLED:
Modified:
tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?rev=1558822&r1=1558821&r2=1558822&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
(original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java
Thu Jan 16 14:59:02 2014
@@ -508,12 +508,6 @@ public class CoyoteAdapter implements Ad
return false;
}
- // Had to do this after the context was set.
- // Unfortunately parseSessionId is still necessary as it
- // affects the final URL. Safe as session cookies still
- // haven't been parsed.
- if (isURLRewritingDisabled(request))
- clearRequestedSessionURL(request);
request.setWrapper((Wrapper) request.getMappingData().wrapper);
// Filter trace method
@@ -546,7 +540,7 @@ public class CoyoteAdapter implements Ad
// Parse session Id
String sessionID =
request.getPathParameter(Globals.SESSION_PARAMETER_NAME);
- if (sessionID != null) {
+ if (sessionID != null && !isURLRewritingDisabled(request)) {
request.setRequestedSessionId(sessionID);
request.setRequestedSessionURL(true);
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1558822&r1=1558821&r2=1558822&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Jan 16 14:59:02 2014
@@ -95,6 +95,10 @@
<code>org.apache.catalina.STRICT_SERVLET_COMPLIANCE</code> is set to
<code>true</code>. (markt)
</fix>
+ <fix>
+ Ensure that sessions IDs are not parsed from URLs for Contexts where
+ <code>disableURLRewriting</code> is <code>true</code>. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
