Problem passing parameter to servlet while handling a session from Gildas Mazery on 1998-09-24 (www-jigsaw@w3.org from September to October 1998)

From: Gildas Mazery <mazery@agence.cpu.fr>
Date: Thu, 24 Sep 1998 11:22:30 -0400 (EDT)
To: "'www-jigsaw@w3.org'" <www-jigsaw@w3.org>
Message-ID: <01BDE7DF.88597810@GILDAS3>

Hi,

To handle a session whithout cookies, servlets must add to all generated URL a 
session_id as a parameter. This is done by using the encodeUrl methode of 
HttpServletResponse. Depending whether URLs contain a parameter, on top of the
one set by encodeURL, or not, the servlets that are invoked by those generated
URLs can throw an execption when performing getParameter method. 

"encodeUrl" in JigsawHttpServletResponse assumes that URLs have no parameter,
and just add : 
   "?<param_name>=<session_Id>" 
at the end of URLs. If an URL passed to encodeUrl already has a parameter
then the resulting URL has a wrong format, and looks at :
   "/servlet/<servlet_name>?<param_name1>=<value1>?<param_name>=<session_Id>". 
The right URL should be :
   "/servlet/<servlet_name>?<param_name1>=<value1>&<param_name>=<session_Id>"
since parameter list's separator is "&" and not "?". 

So, I have modified JigsawHttpServletResponse.java in the package 
org.w3c.jigsaw.servlet, replacing

    public String encodeUrl(String url) {
	if (! jrequest.isRequestedSessionIdFromCookie()) {
	    url = url +  "?" + jrequest.getCookieName()+"="+
		jrequest.getSession(true).getId();
	}
	return url;
    }
by
    public String encodeUrl(String url) {
	if (! jrequest.isRequestedSessionIdFromCookie()) {
	    url = url + (    url.indexOf("?") != -1    ? "&" : "?")
                 + jrequest.getCookieName()+"="+
		jrequest.getSession(true).getId();
	}
	return url;
    }

I don't know if the change is revelant, however the change is minor 
and then, the set of servlets a was testing (Duke's Bookstore of the
java.sun's tutorial) seems finally to work fine with a web browser
that refuse cookies. 
(In fact I also had to disable auto-load for the servletwrapper and 
add the servlet's directory to the CLASSPATH, to allow a servlet to
use an another one. This seems to be a bug in jigsaw's class_loader and  
the workaround is found in the mailing list archive). 

However, the code of the first servlet is suspect : encodeUrl is used before
creating a session. I am not sure that's a normal thing. 
I guess that's why the session is always handled by adding a parameter
to the URL, even if the browser accept cookies.
If I create a session in this servlet before using encodeUrl, 
or if I d'ont use encodeUrl in this servlet (in fact the servlet
generate a welcome page and a menu that does not need to be include
in a session) all things append as they are expected to, that is to
say : if the browser accept cookies, they are used for handling sessions,
if not, sessions are handled by adding parameter to generated URL.

To conclude, I wonder if there is a bug in the servlet or a bug in the 
default behaviour of encodeUrl when there is no session.

Regards,

Gildas

Received on Thursday, 24 September 1998 11:24:39 UTC