Jetty
  1. Jetty
  2. JETTY-469

Respect jsessionid from URL over cookie

    Details

    • Type: Improvement Improvement
    • Status: Resolved Resolved
    • Priority: Major Major
    • Resolution: Won't Fix
    • Affects Version/s: 6.1.5
    • Fix Version/s: None
    • Component/s: Servlet
    • Labels:
      None
    • Number of attachments :
      0

      Description

      When jsessionid is provided in both URL and cookie, org.mortbay.jetty.servlet.SessionHandler
      could prefer url version over the one provided in cookie.

      Although this is not Jetty's problem by no means, this would help to solve Firefox / Flash application file upload
      problem discussed eg. in http://thanksmister.com/?p=59. Unfortunately Flash seems to send jsessionid
      cookies from old sessions (during file upload only). Manually encoding jsessionid to URL is a suggested
      workaround but it does not work with Jetty since Jetty picks up the id from cookie first and never looks to URL
      if one is found from cookie.

      I doubt there will be a Flash or Firefox fix for this anytime soon.

      Would there be other implications overlooked by me if the order were
      changed to prefer URL encoded jsessionid's?

      Thanks,
      – Nikla

        Activity

        Hide
        Greg Wilkins added a comment -

        Sorry but this behavior is specified by the servlet spec and we can't really change it.

        We do allow session cookies to be disabled and we are implementing disabling of url sessions (see JETTY-467),
        but I don't think changing the priority if both are enabled is a good thing.

        Show
        Greg Wilkins added a comment - Sorry but this behavior is specified by the servlet spec and we can't really change it. We do allow session cookies to be disabled and we are implementing disabling of url sessions (see JETTY-467 ), but I don't think changing the priority if both are enabled is a good thing.
        Greg Wilkins made changes -
        Field Original Value New Value
        Resolution Won't Fix [ 2 ]
        Status Open [ 1 ] Resolved [ 5 ]

          People

          • Assignee:
            Unassigned
            Reporter:
            Nikla Ratinen
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: