[jetty-discuss] AJP13Connection question

[Jean-Baptiste R. <jb...@al...>]

Hi,

We are using Jetty with IIS using the AJP connector and we are running 
into a simple problem. We use JAAS for authentication and if the browser 
does not support cookies (or for the first request), the url is modified 
to include the session details. The url changes from 
http://something/some/path.html to 
http://something/some/path.html;jsessionid=myid. In this case, using IIS 
and Jetty always returns a 404 error.
So we decided to track down the problem having a look at the Jetty 
source code and found that Jetty does not strip the jsessionid part from 
the url. We think that this problem is due to the class AJP13Connection, 
and especially around the line 194. The line reads:
                       String path=packet.getString();
                         request.setPath(URI.encodePath(path));

This means that in the example above, the path for the request will be 
/some/path.html%3Bjsessionid=my.id (the semi-colon is URL-encoded) and 
therefore the jsessionid parameter cannot be detected further on. And 
anyway, it doesn't seem to me like this path should be the encoded.
Now, looking at the CVS on sourceforge, you can see that the latest 
version of this class (1.34) differs from the previous version (1.33) 
with this only change, and the log comment is "AJP path encoding fix". 
Sounds like something went wrong here...
Let us know if this makes sense, and if we're on the wrong track.

Thanks,

Jean-Baptiste REURE