Author: mturk
Date: Tue Jun 26 05:28:00 2007
New Revision: 550789
URL: http://svn.apache.org/viewvc?view=rev&rev=550789
Log:
Do not pass session id if it is zero length. For now only log those attempts.
We should consider returning 400 if the jsessionid is empty perhaps.
Modified:
tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c
Modified: tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c
URL:
http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c?view=diff&rev=550789&r1=550788&r2=550789
==============================================================================
--- tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c (original)
+++ tomcat/connectors/trunk/jk/native/common/jk_lb_worker.c Tue Jun 26 05:28:00
2007
@@ -390,13 +390,22 @@
/* Retrieve session id from the cookie or the parameter
* (parameter first)
*/
-static char *get_sessionid(jk_ws_service_t *s)
+static char *get_sessionid(jk_ws_service_t *s, jk_logger_t *l)
{
char *val;
val = get_path_param(s, JK_PATH_SESSION_IDENTIFIER);
if (!val) {
val = get_cookie(s, JK_SESSION_IDENTIFIER);
}
+ if (val && !*val) {
+ /* TODO: For now only log the empty sessions.
+ * However we should probably return 400
+ * (BAD_REQUEST) in this case
+ */
+ jk_log(l, JK_LOG_INFO,
+ "Detected empty session identifier.");
+ return NULL;
+ }
return val;
}
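Review bot: An empty session path parameter still short-circuits the cookie lookup, because the fallback `if (!val)` fires only on NULL. With the added check, get_sessionid() then returns NULL even when the request carries a valid session cookie, so that request is routed without stickiness. Widening the fallback to `if (!val || !*val) { val = get_cookie(s, JK_SESSION_IDENTIFIER); }` and keeping the empty check after it would cover both sources. The `"Detected empty session identifier."` message also carries no request context, so the log cannot show which request sent the empty id; including the request URI would make it usable for triage. Because the condition is entirely client-controlled and logged at INFO on every occurrence, a lower level or some throttling is worth considering to bound log growth.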
@@ -913,7 +922,7 @@
/* Use sessionid only if sticky_session is
* defined for this load balancer
*/
- sessionid = get_sessionid(s);
+ sessionid = get_sessionid(s, l);
}
if (JK_IS_DEBUG_LEVEL(l))
jk_log(l, JK_LOG_DEBUG,