Issue Details (XML | Word | Printable)

Key: JETTY-469
Type: Improvement Improvement
Status: Resolved Resolved
Resolution: Won't Fix
Priority: Major Major
Assignee: Unassigned
Reporter: Nikla Ratinen
Votes: 0
Watchers: 1
Operations

If you were logged in you would be able to see more operations.
Jetty

Respect jsessionid from URL over cookie

Created: 24/Nov/07 04:14 AM   Updated: 25/Nov/07 11:20 PM   Resolved: 25/Nov/07 11:20 PM
Return to search
Component/s: Servlet
Affects Version/s: 6.1.5
Fix Version/s: None

Time Tracking:
Not Specified


 Description  « Hide

When jsessionid is provided in both URL and cookie, org.mortbay.jetty.servlet.SessionHandler
could prefer url version over the one provided in cookie.

Although this is not Jetty's problem by no means, this would help to solve Firefox / Flash application file upload
problem discussed eg. in http://thanksmister.com/?p=59. Unfortunately Flash seems to send jsessionid
cookies from old sessions (during file upload only). Manually encoding jsessionid to URL is a suggested
workaround but it does not work with Jetty since Jetty picks up the id from cookie first and never looks to URL
if one is found from cookie.

I doubt there will be a Flash or Firefox fix for this anytime soon.

Would there be other implications overlooked by me if the order were
changed to prefer URL encoded jsessionid's?

Thanks,
– Nikla



Greg Wilkins added a comment - 25/Nov/07 11:20 PM

Sorry but this behavior is specified by the servlet spec and we can't really change it.

We do allow session cookies to be disabled and we are implementing disabling of url sessions (see JETTY-467),
but I don't think changing the priority if both are enabled is a good thing.


Greg Wilkins made changes - 25/Nov/07 11:20 PM
Field Original Value New Value
Resolution Won't Fix [ 2 ]
Status Open [ 1 ] Resolved [ 5 ]