This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push: new fd82e6cc7c Encode redirect URL used by the rewrite valve with session id fd82e6cc7c is described below commit fd82e6cc7c4008dac9fd12ac3445f1c090142183 Author: remm <r...@apache.org> AuthorDate: Tue Jun 3 13:53:01 2025 +0200 Encode redirect URL used by the rewrite valve with session id Handle different cross context session configuration. BZ69699 --- java/org/apache/catalina/connector/Request.java | 2 +- java/org/apache/catalina/valves/rewrite/RewriteValve.java | 7 +++++-- webapps/docs/changelog.xml | 5 +++++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java index 087e5bc749..9973996014 100644 --- a/java/org/apache/catalina/connector/Request.java +++ b/java/org/apache/catalina/connector/Request.java @@ -517,7 +517,7 @@ public class Request implements HttpServletRequest { } - protected void recycleSessionInfo() { + public void recycleSessionInfo() { if (session != null) { try { session.endAccess(); diff --git a/java/org/apache/catalina/valves/rewrite/RewriteValve.java b/java/org/apache/catalina/valves/rewrite/RewriteValve.java index 347e2d04f9..980dde353c 100644 --- a/java/org/apache/catalina/valves/rewrite/RewriteValve.java +++ b/java/org/apache/catalina/valves/rewrite/RewriteValve.java @@ -461,11 +461,13 @@ public class RewriteValve extends ValveBase { if (context && urlStringEncoded.charAt(0) == '/' && !UriUtil.hasScheme(urlStringEncoded)) { urlStringEncoded.insert(0, request.getContext().getEncodedPath()); } + String redirectPath; if (rule.isNoescape()) { - response.sendRedirect(UDecoder.URLDecode(urlStringEncoded.toString(), uriCharset)); + redirectPath = UDecoder.URLDecode(urlStringEncoded.toString(), uriCharset); } else { - response.sendRedirect(urlStringEncoded.toString()); + redirectPath = urlStringEncoded.toString(); } + response.sendRedirect(response.encodeRedirectURL(redirectPath)); response.setStatus(rule.getRedirectCode()); done = true; break; @@ -577,6 +579,7 @@ public class RewriteValve extends ValveBase { chunk.append(host.toString()); } request.getMappingData().recycle(); + request.recycleSessionInfo(); // Reinvoke the whole request recursively Connector connector = request.getConnector(); try { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index be31ca4155..9666aa852c 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -184,6 +184,11 @@ in a single URL segment. Based on pull request <pr>860</pr> by Chenjp. (markt) </fix> + <fix> + <bug>69699</bug>: Encode redirect URL used by the rewrite valve with + the session id if appropriate, and handle cross context with different + session configuration when using rewrite. (remm) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org