DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG-RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=33806>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=33806

[EMAIL PROTECTED] changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |

------- Additional Comments From [EMAIL PROTECTED]  2005-12-16 21:47 -------

I've verified with 5.0.28 and Tomcat DOES unescape %3b (;) and %3d (=) before extracting ;jsessionid=

I don't understand what was tested by the person who opened this bug. Maybe the problem was with the %D in the example... It should be %3D, so I believe his test was incorrect.

It's very simple to test using the session example (assume session 1A1D98B86F2E813CC27BDCC214C73285 is already created):

$telnet localhost 8080
GET /servlets-examples/servlet/SessionExample%3Bjsessionid%3D1A1D98B86F2E813CC27BDCC214C73285 HTTP/1.1
Host: localhost

HTTP/1.1 200 OK
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 1285
Date: Fri, 16 Dec 2005 20:18:20 GMT
Server: Apache-Coyote/1.1

<html>
<body bgcolor="white">
<head>
<title>Sessions Example</title>
</head>
<body>
<a href="../sessions.html">
<img src="../images/code.gif" height=24 width=24 align=right border=0 alt="view code"></a>
<a href="../index.html">
<img src="../images/return.gif" height=24 width=24 align=right border=0 alt="return"></a>
<h3>Sessions Example</h3>
Session ID: 1A1D98B86F2E813CC27BDCC214C73285
<br>
Created: Fri Dec 16 15:13:30 EST 2005<br>
Last Accessed: Fri Dec 16 15:13:52 EST 2005
<P>
The following data is in your session:<br>
foo = bar<br>
<P>
<form action="SessionExample;jsessionid=1A1D98B86F2E813CC27BDCC214C73285" method=POST>
Name of Session Attribute:
<input type=text size=20 name=dataname>
<br>
Value of Session Attribute:
<input type=text size=20 name=datavalue>
<br>
<input type=submit>
</form>
<P>GET based form:<br>
<form action="SessionExample;jsessionid=1A1D98B86F2E813CC27BDCC214C73285" method=GET>
Name of Session Attribute:
<input type=text size=20 name=dataname>
<br>
Value of Session Attribute:
<input type=text size=20 name=datavalue>
<br>
<input type=submit>
</form>
<p><a href="SessionExample;jsessionid=1A1D98B86F2E813CC27BDCC214C73285?dataname=foo&datavalue=bar" >URL encoded </a>
</body>
</html>
</body>
</html>

I totally agree with Remy's analysis regarding preserving reserved characters in the URI (http://www.ietf.org/rfc/rfc2396.txt).

I'm reopening the bug because I believe that Tomcat should have failed retrieving the session when the URI is encoded as above. Considering Tomcat is a reference implementation, I would have expected a strict behaviour.

Weblogic 8.1 and WebSphere Application Server 5.1.1.7 do not unescape the path portion and path parameters of the URI.

It is wrong for an HTTP user agent to encode reserved characters in a URI placed in a document (i.e. HTML, VoiceXML, etc.). Believe it or not, I'm using a VoiceXML platform embedding two different HTTP user agents that have this problem. argh!
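
The parsing-order difference reported in the comment above, as an added example that is not part of the bug report and is not Tomcat's code: it compares decoding the path before looking for `;jsessionid=` with looking for the literal delimiters first. The function names are hypothetical, the inputs are constructed from the request shown in the comment, and the path is assumed to arrive without a query string.

```python
from urllib.parse import unquote

PARAM = ";jsessionid="
# Constructed inputs built from the request shown in the comment.
SID = "1A1D98B86F2E813CC27BDCC214C73285"
BASE = "/servlets-examples/servlet/SessionExample"
ENCODED = BASE + "%3Bjsessionid%3D" + SID   # delimiters percent-encoded
LITERAL = BASE + ";jsessionid=" + SID       # delimiters sent as-is


def _extract(path):
    """Remove ;jsessionid=<value> from path; return (path_without_param, value or None)."""
    start = path.find(PARAM)
    if start < 0:
        return path, None
    value_start = start + len(PARAM)
    value_end = len(path)
    for stop in (";", "/"):  # value ends at the next parameter or segment
        pos = path.find(stop, value_start)
        if pos != -1:
            value_end = min(value_end, pos)
    return path[:start] + path[value_end:], path[value_start:value_end]


def session_id_decode_first(raw_path):
    """Lenient order: decode the whole path, then search for the parameter.
    %3B and %3D turn into real delimiters before the search runs."""
    return _extract(unquote(raw_path))


def session_id_split_first(raw_path):
    """Strict order: search the raw path for literal delimiters, then decode.
    An encoded ';' or '=' stays ordinary path data (RFC 2396 reserved characters)."""
    path, sid = _extract(raw_path)
    return unquote(path), (unquote(sid) if sid is not None else None)


def differs(raw_path):
    """True when the two orders disagree on the session id; usable as a log or filter check."""
    return session_id_decode_first(raw_path)[1] != session_id_split_first(raw_path)[1]


if __name__ == "__main__":
    for raw in (LITERAL, ENCODED):
        print(raw)
        print("  decode-first:", session_id_decode_first(raw))
        print("  split-first: ", session_id_split_first(raw))
        print("  orders disagree:", differs(raw))
```

A front-end proxy or filter that inspects `;jsessionid=` in the raw path while the container decodes first will see different session ids for the encoded form, which is what `differs` flags.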