Remy Maucherat wrote:
[EMAIL PROTECTED] wrote:
Author: mturk
Date: Tue Jun 26 05:28:00 2007
New Revision: 550789
URL: http://svn.apache.org/viewvc?view=rev&rev=550789
Log:
Do not pass session id if it is zero length. For now only log those
attempts. We should consider returning 400 if the jsessionid is empty
perhaps.
This serves no useful purpose. What if jsessionid is one char long
(let's say ' ') ? Is it more valid ?
Since I didn't get an answer, I suppose I have to clarify. This means I
am vetoing this commit (if someone needs to filter out certain requests
based on this sort of constraints, they should use a valve or a filter
instead, which is very easy to do).
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
