This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new 9c3673ba04 Encode redirect URL used by the rewrite valve with session id 9c3673ba04 is described below commit 9c3673ba04009377cb0c81ccb6cf5078aec1aa95 Author: remm <r...@apache.org> AuthorDate: Tue Jun 3 13:53:01 2025 +0200 Encode redirect URL used by the rewrite valve with session id Handle different cross context session configuration. BZ69699 --- java/org/apache/catalina/connector/Request.java | 2 +- java/org/apache/catalina/valves/rewrite/RewriteValve.java | 7 +++++-- webapps/docs/changelog.xml | 5 +++++ 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java index c717371a5a..6bc8d80964 100644 --- a/java/org/apache/catalina/connector/Request.java +++ b/java/org/apache/catalina/connector/Request.java @@ -547,7 +547,7 @@ public class Request implements HttpServletRequest { } - protected void recycleSessionInfo() { + public void recycleSessionInfo() { if (session != null) { try { session.endAccess(); diff --git a/java/org/apache/catalina/valves/rewrite/RewriteValve.java b/java/org/apache/catalina/valves/rewrite/RewriteValve.java index 660c9c8fa9..a3f95b2cdc 100644 --- a/java/org/apache/catalina/valves/rewrite/RewriteValve.java +++ b/java/org/apache/catalina/valves/rewrite/RewriteValve.java @@ -462,11 +462,13 @@ public class RewriteValve extends ValveBase { if (context && urlStringEncoded.charAt(0) == '/' && !UriUtil.hasScheme(urlStringEncoded)) { urlStringEncoded.insert(0, request.getContext().getEncodedPath()); } + String redirectPath; if (rule.isNoescape()) { - response.sendRedirect(UDecoder.URLDecode(urlStringEncoded.toString(), uriCharset)); + redirectPath = UDecoder.URLDecode(urlStringEncoded.toString(), uriCharset); } else { - response.sendRedirect(urlStringEncoded.toString()); + redirectPath = urlStringEncoded.toString(); } + response.sendRedirect(response.encodeRedirectURL(redirectPath)); response.setStatus(rule.getRedirectCode()); done = true; break; @@ -578,6 +580,7 @@ public class RewriteValve extends ValveBase { chunk.append(host.toString()); } request.getMappingData().recycle(); + request.recycleSessionInfo(); // Reinvoke the whole request recursively Connector connector = request.getConnector(); try { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 05a0ca4fc6..bf3dc0f87d 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -121,6 +121,11 @@ the new <code>ParameterLimitValve</code>. The valve allows configurable URL-specific limits on the number of parameters. (dsoumis) </add> + <fix> + <bug>69699</bug>: Encode redirect URL used by the rewrite valve with + the session id if appropriate, and handle cross context with different + session configuration when using rewrite. (remm) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org