First, this patch fixes a problem with Catalina's sendHeaders()
implementation which prevents post-service() Valve code from having a
chance to cleanly set or modify the JSESSIONID cookie used to store
Catalina's session identifier.

Second, this removes some of the remnants of a cut and paste birth of
WarpResponse from jakarta-tomcat-4.0 (note that there is another copy
of this file in the jakarta-turbine-connectors repository).

This patch is against CVS HEAD of jakarta-tomcat-4.0 from the evening
of Wed, Nov 28.

On a parallel note, neither JServ (in JServServletManager) nor
Catalina (in two HttpProcessor impls and WarpRequestHandler) uses the
equalsIgnoreCase comparison that section 4.1 of RFC 2109, to me, suggests
using when rooting through the cookies parsed from the request stream (when
initially seeking the session identifier).  Even though a constant is
used internally in Catalina, I would assume that Catalina would accept
cookies formatted as per the RFC (perhaps common usage suggests
otherwise?).


Index: HttpResponseBase.java
===================================================================
RCS file: 
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/HttpResponseBase.java,v
retrieving revision 1.40
diff -u -u -r1.40 HttpResponseBase.java
--- HttpResponseBase.java       2001/11/13 19:39:27     1.40
+++ HttpResponseBase.java       2001/11/28 09:15:20
@@ -614,25 +614,7 @@
         }
 
         // Add the session ID cookie if necessary
-        HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
-        HttpSession session = hreq.getSession(false);
-
-        if ((session != null) && session.isNew() && (getContext() != null)
-            && getContext().getCookies()) {
-            Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
-                                       session.getId());
-            cookie.setMaxAge(-1);
-            String contextPath = null;
-            if (context != null)
-                contextPath = context.getPath();
-            if ((contextPath != null) && (contextPath.length() > 0))
-                cookie.setPath(contextPath);
-            else
-                cookie.setPath("/");
-            if (hreq.isSecure())
-                cookie.setSecure(true);
-            addCookie(cookie);
-        }
+        addAbsentSessionCookie((HttpServletRequest) request.getRequest());
 
         // Send all specified cookies (if any)
         synchronized (cookies) {
@@ -657,6 +639,63 @@
 
         // The response is now committed
         committed = true;
+
+    }
+
+
+    /**
+     * Adds the session ID cookie if a new session exists for
+     * <code>hreq</code>, the Context is configured to pass the
+     * session ID via cookies (the default), and the session cookie
+     * doesn't already exist in the request (could've been inserted by
+     * a meddling Valve during Pipeline execution).
+     *
+     * @param hreq The HttpServletRequest whose session to service.
+     */
+    protected void addAbsentSessionCookie(HttpServletRequest hreq) {
+
+        HttpSession session = hreq.getSession(false);
+
+        if ((session != null) && session.isNew() && (getContext() != null)
+            && getContext().getCookies() && !containsSessionCookie()) {
+            Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
+                                       session.getId());
+            cookie.setMaxAge(-1);
+            String contextPath = null;
+            if (context != null)
+                contextPath = context.getPath();
+            if ((contextPath != null) && (contextPath.length() > 0))
+                cookie.setPath(contextPath);
+            else
+                cookie.setPath("/");
+            if (hreq.isSecure())
+                cookie.setSecure(true);
+            addCookie(cookie);
+        }
+
+    }
+
+
+    /**
+     * Returns whether this HttpResponse contains the session
+     * identifier cookie.  Though section 4.1 of RFC 2109 suggests
+     * that cookie name comparisons are case-insentive, a
+     * case-sensitive comparison is performed for consistancy with the
+     * rest of Catalina's implementation.
+     *
+     * @return Whether this response has a session identifier cookie
+     * set.
+     */
+    protected boolean containsSessionCookie() {
+
+        Cookie c;
+        for (Iterator i = cookies.iterator(); i.hasNext(); ) {
+            c = (Cookie) i.next();
+            if (Globals.SESSION_COOKIE_NAME.equals(c.getName())) {
+                return true;
+            }
+        }
+        return false;
 
     }
 
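Review bot: containsSessionCookie() iterates `cookies` without holding its monitor, while the enclosing method of the first hunk (sendHeaders(), per the description) takes `synchronized (cookies)` right after calling addAbsentSessionCookie(); for consistency the scan should run under the same lock, `synchronized (cookies) { for (Iterator i = cookies.iterator(); i.hasNext(); ) { ... } }`. The check also matches on name alone, so any response cookie named Globals.SESSION_COOKIE_NAME, whatever its value, path or Secure flag, suppresses the container's cookie and with it the `cookie.setSecure(true)` and context-path scoping in addAbsentSessionCookie(); the Javadoc should say that a Valve which sets this cookie becomes responsible for those attributes. The addAbsentSessionCookie() Javadoc says the cookie "doesn't already exist in the request" although the test is against this response's cookie list, so I would reword it to `doesn't already exist in this response`. The same behaviour reaches WarpResponse through the call added in the WarpResponse.java hunk.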


Index: WarpResponse.java
===================================================================
RCS file: 
/home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/connector/warp/WarpResponse.java,v
retrieving revision 1.7
diff -u -u -r1.7 WarpResponse.java
--- WarpResponse.java   2001/08/09 20:08:58     1.7
+++ WarpResponse.java   2001/11/28 09:15:00
@@ -201,25 +201,7 @@
         }
 
         // Add the session ID cookie if necessary
-        HttpServletRequest hreq = (HttpServletRequest) request.getRequest();
-        HttpSession session = hreq.getSession(false);
-
-        if ((session != null) && session.isNew() && (getContext() != null)
-                && getContext().getCookies()) {
-            Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
-                                       session.getId());
-            cookie.setMaxAge(-1);
-            String contextPath = null;
-                if (context != null)
-                    contextPath = context.getPath();
-            if ((contextPath != null) && (contextPath.length() > 0))
-                cookie.setPath(contextPath);
-            else
-                cookie.setPath("/");
-            if (hreq.isSecure())
-                cookie.setSecure(true);
-            addCookie(cookie);
-        }
+        addAbsentSessionCookie((HttpServletRequest) request.getRequest());
 
         // Send all specified cookies (if any)
         synchronized (cookies) {

