DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=41213>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=41213 Summary: URLs with session ID in them no longer work Product: Tomcat 5 Version: 5.5.20 Platform: Other URL: https://bowmore.cs.st- andrews.ac.uk/finesse/Resources.do;jsessionid=AAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAA OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] I have a web application which users first access through a static login page. They then enter a username and password, and are redirected to a servlet, which creates a session, sets whether they have authenticated successfully in that session, and redirects them on to the next page: response.sendRedirect(response.encodeRedirectURL(url)); This worked fine in Tomcat versions up to 5.5.17, however having just installed 5.5.20 on our development server, I now get a 404 error instead of the page. Removing the ";jsessionid=..." from the URL does work correctly (giving either a 403 if the user is not logged in, or has cookies disabled, or the correct page if they're logged in and have cookies for the session system to use instead): https://bowmore.cs.st-andrews.ac.uk/finesse/Resources.do At a guess, looking at the change log, "Improve handling of the ';' character in the URL so that it is now allowed if properly %xx encoded. (remm)" is somehow related, but that's just a guess. Tested using JDK 1.5_10, from Firefox 3.0 Alpha 1, Safari 2.0.4 and Lynx 2.8.5. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
