https://bz.apache.org/bugzilla/show_bug.cgi?id=51833
--- Comment #6 from Konstantin Kolinko <knst.koli...@gmail.com> --- Some person is currently asking about history of this change on the users@ list, comparing behaviour of some old Tomcat 6 and current Tomcat 7 versions. (2015-07-23, "Tomcat 7 (7.0.54) Login URL is Passing with JSESSION ID. | why there is different behaviour in Tomcat 6 and Tomcat 7" http://markmail.org/message/jdwpyll2nl25me24 ) This change is listed in changelog, but it does not have a bug number with it. I am taking this chance to better document it. This change in changelog of 6.0.33: <fix> Improve handling of URLs with path parameters and prevent incorrect 404 responses that could occur when path parameters were present. (kkolinko) </fix> ************************************************ Comments: 1. The commit for this change: 2011-07-21 http://svn.apache.org/viewvc?view=revision&revision=1149220 "Fix path parameter handling. Prevent the following URL failing with a 404: http://localhost:8080/examples/jsp/snp;x=y/snoop.jsp"; 2. The change in behaviour of request.getRequestURI() is dictated by Servlet specification. The new behaviour (exposing the path parameters as is) is the correct behaviour. It is already mentioned above (comment 1) and have been discussed several times on our mailing lists. A request to clarify Servlet specification is [1]. The behaviour of getRequestURI is essentially clear: it is documented to return original un-decoded request URI, that is on the first line of HTTP request. [2] It is behaviour of other related methods that needs to be clarified in [1]. [1] https://java.net/jira/browse/SERVLET_SPEC-18 [2] http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRequestURI%28%29 3. This change was backported from Tomcat 7, where it was a part of a different fix that involved refactoring of path parameter handling. The change to getRequestURI() is a side effect of that refactoring. 4. Original proposal for this fix is r1005192 (2010-10-06) This proposal was discussed in "Re: r1005192" thread on dev@ list. After several minor improvements (r1035976) it became the change committed in r1149220. Discussion thread "Re: r1005192": http://tomcat.markmail.org/thread/i3m4amzrueafgvyv 5. Original commit that changed path parameter handling in Tomcat 7 is r944920 (2010-05-16, fix for bug 49299) with minor follow-up fixes such as r946584 and r1035973. In Tomcat 7 this change is part of Tomcat 7.0.0, so it is not listed in changelog. 6. This change in getRequestURI() behaviour has caused regression in FORM authentication: Bug 53584 - Forms authentication without cookies requires double submission in 6.0.33 The FORM authentication issue was fixed in 6.0.36, 7.0.30. (r1377878 in Tomcat 6, r1370537 + r1372390 in Tomcat 7) -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
