When jsessionid is provided in both URL and cookie, org.mortbay.jetty.servlet.SessionHandler
could prefer url version over the one provided in cookie.
Although this is not Jetty's problem by any means, this would help to solve the Firefox / Flash application file upload
problem discussed e.g. in http://thanksmister.com/?p=59. Unfortunately Flash seems to send jsessionid
cookies from old sessions (during file upload only). Manually encoding jsessionid to URL is a suggested
workaround but it does not work with Jetty since Jetty picks up the id from cookie first and never looks to URL
if one is found from cookie.
I doubt there will be a Flash or Firefox fix for this anytime soon.
Would there be other implications overlooked by me if the order were
changed to prefer URL encoded jsessionid's?
Thanks,
– Nikla
Sorry but this behavior is specified by the servlet spec and we can't really change it.
We do allow session cookies to be disabled and we are implementing disabling of url sessions (see
JETTY-467), but I don't think changing the priority if both are enabled is a good thing.
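
Added example, not part of the original thread and not Jetty's SessionHandler source: a simplified model of the lookup order discussed above (cookie first, URL only when no session cookie is present), run against a constructed request that carries a stale cookie and the current id in the URL. The class name, method names and sample values are assumptions made for illustration.

```java
import java.util.Optional;

/** Simplified model of the lookup order described in this thread (illustrative only). */
public class SessionIdLookup {
    static final String COOKIE_NAME = "JSESSIONID";
    static final String URL_PARAM = ";jsessionid=";

    /** Returns the JSESSIONID value from a raw Cookie header, if present. */
    static Optional<String> fromCookie(String cookieHeader) {
        if (cookieHeader == null) return Optional.empty();
        for (String pair : cookieHeader.split(";")) {
            String[] kv = pair.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals(COOKIE_NAME) && !kv[1].isEmpty()) {
                return Optional.of(kv[1]);
            }
        }
        return Optional.empty();
    }

    /** Returns the ;jsessionid= path parameter from a request URI, if present. */
    static Optional<String> fromUrl(String requestUri) {
        int start = requestUri.indexOf(URL_PARAM);
        if (start < 0) return Optional.empty();
        start += URL_PARAM.length();
        int end = start;
        // The path parameter ends at the next parameter, query, fragment or path segment.
        while (end < requestUri.length() && ";?#/".indexOf(requestUri.charAt(end)) < 0) end++;
        return end > start ? Optional.of(requestUri.substring(start, end)) : Optional.empty();
    }

    /** Cookie first; the URL is consulted only when no session cookie was sent. */
    static Optional<String> requestedSessionId(String cookieHeader, String requestUri) {
        Optional<String> id = fromCookie(cookieHeader);
        return id.isPresent() ? id : fromUrl(requestUri);
    }

    public static void main(String[] args) {
        // Constructed request: stale cookie from an old session plus the current id in the URL.
        String cookie = "lang=en; JSESSIONID=old-session-111";
        String uri = "/upload;jsessionid=current-session-222?file=a.png";
        // With both present the cookie value is chosen, so the URL-encoded id is never read.
        System.out.println(requestedSessionId(cookie, uri));
        // Without a session cookie the URL-encoded id is used.
        System.out.println(requestedSessionId(null, uri));
    }
}
```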