Is it valid to extend URL with ";"-character?

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Is it valid to extend URL with ";"-character?

Bugzilla from linuxhippy@gmail.com
Hi there,

When using URL-rewriting for session-management the session-id is
simply appended to the URL by adding URL + ";" + "jsessionid=".

However for the stuff I am coding I would prefer to use my
self-written session-management without any dependencies to a
servlet-container.
So is it allowed to extend the URL with "own" values like URL + ";" +
"comssid=jbJBjb76" or something like that?
This works ok with Jetty but I would like to go with standards.

Thank you in advance, lg Clemens


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support
Reply | Threaded
Open this post in threaded view
|

Re: Is it valid to extend URL with ";"-character?

Chris Haynes
AFAIK there is nothing in any standard stopping you doing this. You generate it
and you use it.
The semantics of ';'-prefixed URL parameters _other than_ 'jsessionid'are not
constrained by any spec. that I know of .

Chris Haynes


 "Clemens Eisserer" asked

Hi there,

When using URL-rewriting for session-management the session-id is
simply appended to the URL by adding URL + ";" + "jsessionid=".

However for the stuff I am coding I would prefer to use my
self-written session-management without any dependencies to a
servlet-container.
So is it allowed to extend the URL with "own" values like URL + ";" +
"comssid=jbJBjb76" or something like that?
This works ok with Jetty but I would like to go with standards.






-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support
Reply | Threaded
Open this post in threaded view
|

Re: Is it valid to extend URL with ";"-character?

Bugzilla from linuxhippy@gmail.com
Hi Chris,

> AFAIK there is nothing in any standard stopping you doing this. You generate it
> and you use it.
Thanks a lot for answering, great :)

> The semantics of ';'-prefixed URL parameters _other than_ 'jsessionid'are not
> constrained by any spec. that I know of .
The fears I have are that some servlet-containers maybe could treat
the prefixed part as part of the URL itself, and simply fail to resolv
the mapped servlet. Is that unlikely?

Thanks, lg Clemens


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
<a href="http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642">http://sel.as-us.falkag.net/sel?cmd=lnk&kid3432&bid#0486&dat1642
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support
Reply | Threaded
Open this post in threaded view
|

Re: Is it valid to extend URL with ";"-character?

Chris Haynes
 "Clemens Eisserer" asked:
>> AFAIK there is nothing in any standard stopping you doing this. You generate
>> it
>> and you use it.
>Thanks a lot for answering, great :)

>> The semantics of ';'-prefixed URL parameters _other than_ 'jsessionid'are not
>> constrained by any spec. that I know of .

>The fears I have are that some servlet-containers maybe could treat
>the prefixed part as part of the URL itself, and simply fail to resolv
>the mapped servlet. Is that unlikely?


Good question.

The URL spec permits 'path parameters' in every component of the path e.g.

/somewhere;a=14/else;b=xxx/index.html;jsessionid=123abc?name=fred

is a valid URL (according to RFC 2396) with three path parameters.

One would hope that _all_ servlet containers would strip this down to
    /somewhere/else/index.html
when matching it to resources.


However:

1) Form your own judgement of what Sect. 3.3 of RFC2396 is actually saying,
2) Hunt through all subsequent RFCs to see is they modify / clarify this!

The problem, as I see it, is that the many subsequent RFCs related to URLs+URIs
continue to let character sequences which look like path parameters be legal,
but I can't find any that still retain the HTTP semantic concept of a 'path
parameter'.

What does worry me that the Sun Servlet spec. (I'm looking at V2.3) does not
specifically say that path parameters _other than_ ones starting with
'jsessionid=' should be ignored when matching paths.

Greg is on the expert group for this spec - maybe he can comment...


Chris






-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support
Reply | Threaded
Open this post in threaded view
|

Re: Is it valid to extend URL with ";"-character?

Greg Wilkins-5
Chris Haynes wrote:

> Greg is on the expert group for this spec - maybe he can comment...

There be dragons there!!!!!!

All discussions of this on the servlet group have rapidly been
put in the too hard basket!

I think most agree that trailing URL params will be handled correctly.

eg  /aaa/bbbb/cccc;myparam=myvalue   will be handled as /aaa/bbbb/cccc

But that internal params are not support by servlet containers - so

eg /aaa/bbbb;myparam=myvalye/cccc   will cause all sorts of pain!


Personally, I would avoid params totally.   If you really want URL
tracking of sessions then I'd do something like

   /aaa/bbb/myresource/mysessionid

but you could risk

   /aaa/bbb/myresource;id=mysessionid

and it should mostly work.

cheers






-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
_______________________________________________
Jetty-support mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/jetty-support