From: markt Date: Mon, 9 May 2011 12:45:55 +0000 (+0000) Subject: Ensure session cookie paths end in / so that session cookies created for a context... X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=cd5662ea539024a8e8df6be83d8a625741952129;p=tomcat7.0 Ensure session cookie paths end in / so that session cookies created for a context with a path of /foo do not get returned with requests mapped to a context with a path of /foobar git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1100992 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java b/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java index b8d32bbc3..c4543a3f1 100644 --- a/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java +++ b/java/org/apache/catalina/core/ApplicationSessionCookieConfig.java @@ -158,8 +158,10 @@ public class ApplicationSessionCookieConfig implements SessionCookieConfig { } // Handle special case of ROOT context where cookies require a path of // '/' but the servlet spec uses an empty string - if (contextPath.length() == 0) { - contextPath = "/"; + // Also ensure the cookies for a context with a path of /foo don't get + // sent for requests with a path of /foobar + if (!contextPath.endsWith("/")) { + contextPath = contextPath + "/"; } cookie.setPath(contextPath); diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 05911d461..48f3abf7b 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -71,6 +71,12 @@ ServletRequest#getServerPort() and ServletRequest#getLocalPort() when Tomcat is behind a reverse proxy. (markt) + + Ensure session cookie paths end in / so that session + cookies created for a context with a path of /foo do not + get returned with requests mapped to a context with a path of + /foobar. (markt) +