| Summary: | HttpServletResponse sendRedirect should not encode jsessionid into the URL | ||
|---|---|---|---|
| Product: | [RT] Jetty | Reporter: | Igor Malinin <igorzep> |
| Component: | server | Assignee: | Greg Wilkins <gregw> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | major | ||
| Priority: | P3 | CC: | igorzep, janb, jetty-inbox |
| Version: | 8.0.4 | ||
| Target Milestone: | 7.5.x | ||
| Hardware: | All | ||
| OS: | All | ||
| Whiteboard: | |||
I'm sure that previously somebody convinced me that sendRedirect should do the encode.... but I can't re-convince myself of that. So fixing for 7.6 and 8.1.

Greg, I think it was this issue where we put the jsessionid encoding onto the sendRedirect: http://jira.codehaus.org/browse/JETTY-1146

It seems that the JSF framework is/was NOT calling encodeRedirectUrl before calling sendRedirect ....

Jan

Build Identifier: 8.0.4.v20111024

The org.eclipse.jetty.server.Response.sendRedirect() should not call encodeRedirectURL(). This is a violation of the Servlet spec, which requires the user of the Servlet API to call encodeRedirectURL explicitly before calling sendRedirect().

This becomes really annoying when you do something like this:

response.sendRedirect("https://www.google.com/accounts/o8/ud")

and it redirects to

https://www.google.com/accounts/o8/ud;jsessionid=_the_url_is_broken_

Please remove the line containing "location=encodeRedirectURL(location);" from the sendRedirect method!

Reproducible: Always

Steps to Reproduce: In a request with a cookie-less session, call response.sendRedirect("https://www.google.com/accounts/o8/ud") or use any other URL...
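
An added example, not Jetty code and not from the reporter: once sendRedirect() no longer encodes on its own, the application decides when to call encodeRedirectURL(). The hypothetical `SafeRedirect` helper below (its class and method names are assumptions) encodes only same-origin targets, so a cookie-less session's id is never appended to an off-site URL such as the one in the report. It assumes the `javax.servlet` API used by Jetty 7/8.

```java
import java.io.IOException;
import java.net.URI;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical helper; the class and method names are assumptions, not Jetty API. */
public final class SafeRedirect {
    private SafeRedirect() {}

    /** Redirects, adding the session id only when the target stays on this origin. */
    public static void redirect(HttpServletRequest req, HttpServletResponse resp,
                                String location) throws IOException {
        String target = isSameOrigin(req, location)
                ? resp.encodeRedirectURL(location)   // explicit call made by the application
                : location;                          // off-site: never append ;jsessionid
        resp.sendRedirect(target);
    }

    /** True for relative paths and for URLs matching the request's scheme, host and port. */
    static boolean isSameOrigin(HttpServletRequest req, String location) {
        URI uri;
        try {
            uri = URI.create(location);
        } catch (IllegalArgumentException | NullPointerException e) {
            return false;                            // unparsable or null: treat as external
        }
        if (uri.getHost() == null) {
            // "/app/home" is local; "mailto:x" or a malformed authority is not
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        }
        // "//host/path" inherits the scheme of the current request
        String scheme = uri.getScheme() != null ? uri.getScheme() : req.getScheme();
        int port = uri.getPort() != -1 ? uri.getPort() : defaultPort(scheme);
        return scheme.equalsIgnoreCase(req.getScheme())
                && uri.getHost().equalsIgnoreCase(req.getServerName())
                && port == req.getServerPort();
    }

    private static int defaultPort(String scheme) {
        if ("https".equalsIgnoreCase(scheme)) return 443;
        if ("http".equalsIgnoreCase(scheme)) return 80;
        return -1;                                   // unknown scheme: will not match
    }
}
```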