Redirect with jsessionid path parameter results in 404 error

Question

Since moving to a new server, we're getting a 404 error when logging in to our web application. We're using Spring Acegi for authentication, and the HTTP stream is rather typical:

Request:
GET /dev/secure/umblogin?j_username=myuer&j_password=XXXX&j_client=1

Response:
HTTP/1.1 302 Moved Temporarily
Set-Cookie: JSESSIONID=3DABF165D2E18094632EA1478EF67D8E; Path=/dev
Location: http://hurricane.umbrellanet.ch/dev/secure/umbrellanet.go;jsessionid=3DABF165D2E18094632EA1478EF67D8E

Request:
GET /dev/login.go;jsessionid=DA122287727B72CD3F1B77DBD799531F

Response:
HTTP/1.1 404 Not Found

The reason lies somewhere with the path parameter ';jsessionid=..' where the semicolon gets encoded to %3b and the server then fails to find

/dev/login.go%3bjsessionid=DA122287727B72CD3F1B77DBD799531F

I' sure this is not an uncommon problem, but I fail to find any good google hits. We're using Apache Tomcat/6.0.35, the browser is an IE 9.

Thanks Simon

In the meantime I've found that this is a bug fix introduced in Tomcat 6.0.33, which now passes on the path parameter in Request.getRequestURI(). I'm still uncertain how to deal with this 'enhancement', ie where to filter out the jsessionid. — Simon, Aug 13 '12 at 18:40

score 0 · Accepted Answer · edited May 23 '17 at 10:34

0

This is essentially a duplicate of Is it possible to disable jsessionid in tomcat servlet?.

(Since Tomcat 6.0.33, the path parameters are returned on Request.getRequestURI(). This is seen as a bug fix.)

edited May 23 '17 at 10:34

Community

1
1

answered Aug 15 '12 at 11:55

Simon

2,994
3
28
37

Redirect with jsessionid path parameter results in 404 error

1 Answers1