Resolution: Won't Fix
Affects Version/s: 6.1.5
Fix Version/s: None
Number of attachments :
When jsessionid is provided in both URL and cookie, org.mortbay.jetty.servlet.SessionHandler
could prefer url version over the one provided in cookie.
Although this is not Jetty's problem by no means, this would help to solve Firefox / Flash application file upload
problem discussed eg. in http://thanksmister.com/?p=59. Unfortunately Flash seems to send jsessionid
cookies from old sessions (during file upload only). Manually encoding jsessionid to URL is a suggested
workaround but it does not work with Jetty since Jetty picks up the id from cookie first and never looks to URL
if one is found from cookie.
I doubt there will be a Flash or Firefox fix for this anytime soon.
Would there be other implications overlooked by me if the order were
changed to prefer URL encoded jsessionid's?