https://issues.apache.org/bugzilla/show_bug.cgi?id=53584
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
OS| |All
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
Thanks for an excellent bug report. The issue was a real pleasure to
investigate - not just because the root cause was interesting but because I
could focus on the interesting bits rather than having to waste time trying to
build the test WAR using the current flavour of the month for scm and/or build
tool and/or source layout. Simple WARs are *SO* much easier to work with.
The clear steps to re-create the issue were also extremely helpful. So again,
thank-you.
The root cause is that as of 6.0.33 path parameters are included the value
returned from HttpServletRequest.getRequestURI(). During the FORM auth, one of
the checks post authentication is "Does the current URI equal the original
URI?" The problem is that the current URI always contains the session ID as a
path parameter whereas the first time through the authentication the original
URI does not.
This issue also affects trunk and 7.0.x.
I have fixed this issue in trunk and 7.0.x for 7.0.30 onwards and proposed the
fix for 6.0.x.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
