3 Replies Latest reply on Nov 11, 2002 6:00 PM by jules

    ;JSESSIONID vs ;jsessionid (jboss3.0.3)

    colinws Nov 1, 2002 12:27 PM

      It seems that jetty / jboss is URL encoding session IDs as /foo;JSESSIONID=bar, rather than /foo;jsessionid=bar, as per the spec.

      This is causing problems when using mod_jk to put Apache in front of JBoss, as mod_jk only removes ;jsessionid from the URL when looking for matches to pass through to JBoss.

      Could someone please confim that this is a bug, and suggest when it is likely it can be fixed?

      Is there any way we can configure the embedded Jetty to form the URLs correctly?

      Thanks.

      • 3583 Views
      • Tags:
        • 1. Re: ;JSESSIONID vs ;jsessionid (jboss3.0.3)
          jules Nov 6, 2002 6:33 PM (in response to colinws)

          Funny, my copy of the spec (servlet 2.4) says :

          SRV.7.1.1 Cookies

          Session tracking through HTTP cookies is the most used session
          tracking mechanism and is required to be supported by all servlet
          containers. The container sends a cookie to the client. The client
          will then return the cookie on each subsequent request to the server,
          unambiguously associating the request with a session. The name of the
          session tracking cookie must be JSESSIONID.


          What version of mod_jk ?

          Mine works fine.


          Jules

            • Actions
          • 2. Re: ;JSESSIONID vs ;jsessionid (jboss3.0.3)
            colinws Nov 7, 2002 11:21 AM (in response to colinws)

            I mean when URL encoding the session information, when cookies aren't used.

            From the spec:

            SRV.7.1.3 URL Rewriting
            URL rewriting is the lowest common denominator of session tracking. When a client will not accept a cookie, URL rewriting may be used by the server as the basis for session tracking. URL rewriting involves adding data, a session id, to the URL path that is interpreted by the container to associate the request with a session.

            The session id must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. Here is an example of a URL containing encoded path information:

            http://www.myserver.com/catalog/index.html;jsessionid=1234

            --

            Jetty would make this URL:

            http://www.myserver.com/catalog/index.html;JSESSIONID=1234

            mod_jk (a very recent version, I compiled from source only a week ago) only looks for ;jsessionid, as per the spec, and gets confused by ;JSESSIONID.

              • Actions
            • 3. Re: ;JSESSIONID vs ;jsessionid (jboss3.0.3)
              jules Nov 11, 2002 6:00 PM (in response to colinws)

              The changes are in CVS (jboss-3.2).

              They will be rolled into the next 3.0 release.

              If you want to run them with 3.0, checkout HEAD of Jetty cvs (from SourceForge), build it and use the jars from this in place of the ones in yout jbossweb.sar.

              Thanks for spotting this,


              Jules

                • Actions