Mladen Turk wrote:
> My proposal is that we make our own decoder if the URI is encoded
> and then do a match and forward that.

As far as I understand your suggestion, this would not help.
There's nothing wrong with "our" decoder (the httpd decoder); what's
wrong is that the decoded URI gets decoded a second time by Tomcat.
Double decoding is the fault (there's a nice comment about that in httpd
source code).
Hope I don't speak complete rubbish :)

> Anyhow, I simply don't like adding new features and options.
> Think we've done a lot of them recently.
> If there is a problem we should hide the problem from
> the user and do that internally instead of adding new config.

I think the new proposed way of forwarding (the '%' encoding) is the
one which will efficiently hide the problem.
The reason why we can't just let things stay like they are now is:
- one option does not work with mod_rewrite
- one option is not safe
- one option does not work with URL encoded session IDs
This is not new; it has been like that for a long time. What is new is that
we now take the unsafety seriously and end up with either broken sessions
or broken mod_rewrite interop.

Regards,
Rainer
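
The double-decoding mismatch discussed in this message, as an added Python example that is not part of the original mail and is not httpd or Tomcat code. The function names, the sample URIs and the reading of "the '%' encoding" as percent-encoding the decoded URI again before forwarding are assumptions.

```python
from urllib.parse import quote, unquote


def decode_once(uri: str) -> str:
    """One round of percent-decoding, as each hop applies to what it receives."""
    return unquote(uri)


def forward_decoded(raw_uri: str) -> str:
    """Front end decodes and forwards the decoded string unchanged."""
    return decode_once(raw_uri)


def forward_reencoded(raw_uri: str) -> str:
    """Front end decodes, then percent-encodes again before forwarding.

    Assumption: '/', ';' and '=' are left literal so path segments and a
    ';jsessionid=' path parameter keep their shape; '%' becomes '%25'.
    """
    return quote(decode_once(raw_uri), safe="/;=")


def check(raw_uri: str, forward):
    """Return (front_view, back_view, agree).

    front_view is the string the front end matched its rules on;
    back_view is the string the back end acts on after its own decode.
    If they differ, every rule was evaluated on a different path.
    """
    front_view = decode_once(raw_uri)
    back_view = decode_once(forward(raw_uri))
    return front_view, back_view, front_view == back_view


# Constructed sample request URIs (not taken from the thread).
SAMPLES = [
    "/docs/plain.txt",
    "/docs/my%20file.txt",
    "/docs/a%2562c",                # '%25' decodes to '%', leaving '%62'
    "/app/page;jsessionid=ABC123",  # URL-encoded session ID as path parameter
]

if __name__ == "__main__":
    for raw in SAMPLES:
        for fwd in (forward_decoded, forward_reencoded):
            print(f"{fwd.__name__:18} {raw!r:32} -> {check(raw, fwd)}")
```

Only the third sample disagrees, and only with `forward_decoded`: the front end matched `/docs/a%62c` while the back end resolved `/docs/abc`.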