Fix NPE when not using cookies for session IDs

git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@763322 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java
index 4e2a6a8..ad99957 100644 (file)
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -510,6 +510,16 @@ public class CoyoteAdapter
         }
 
         // Parse session Id
+        if (!request.getServletContext().getEffectiveSessionTrackingModes()
+                .contains(SessionTrackingMode.URL)) {
+            /* 
+             * If we saw an ID in the URL but this is disabled - remove it
+             * Can't handle it when we parse the URL as we don't have the
+             * context at that point
+             */
+            request.setRequestedSessionId(null);
+            request.setRequestedSessionURL(false);
+        }
         parseSessionCookiesId(req, request);
         parseSessionSslId(request);
         return true;
@@ -543,9 +553,7 @@ public class CoyoteAdapter
         ByteChunk uriBC = req.requestURI().getByteChunk();
         int semicolon = uriBC.indexOf(match, 0, match.length(), 0);
 
-        if (semicolon > 0 &&
-                request.getServletContext().getEffectiveSessionTrackingModes()
-                        .contains(SessionTrackingMode.URL)) {
+        if (semicolon > 0) {
 
             // Parse session ID, and extract it from the decoded request URI
             int start = uriBC.getStart();