Bug 47320 - Decoding jsessionid bug on z/os
Summary: Decoding jsessionid bug on z/os
Alias: None
Product: Tomcat 6
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 6.0.18
Hardware: Other other
: P2 normal (vote)
Target Milestone: default
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2009-06-05 08:37 UTC by David Mirly
Modified: 2009-10-03 11:20 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description David Mirly 2009-06-05 08:37:24 UTC
If you receive a rewritten URL on z/os with uss (unix on a mainframe), Tomcat
does not properly decode the jsessionid portion of the URL.

The problem is in org.apache.catalina.connector.CoyoteAdapter in the parseSessionId method.

The two instantiations of a String object do not specify the encdoding to use.

e.g. String sid = new String(uriBC.getBuffer(), start + sessionIdStart,
                            semicolon2 - sessionIdStart); 

...as well as the second String instantiation in this method.

Consequently z/os uses its default encoding which (I think) is EBCDIC.

If I recompile with a hardcoded "UTF-8" for the encoding then the jsessionid decodes properly.  Not that I am suggesting this literally for the official fix.

e.g. String sid = new String(uriBC.getBuffer(), start + sessionIdStart,
                            semicolon2 - sessionIdStart, "UTF-8");
Comment 1 Mark Thomas 2009-09-27 09:50:21 UTC
I have commited a fix to trunk (r819339) and proposed it for 6.0.x. Any feedback you can provide on the success, or not, of this patch on z/os would be appreciated.
Comment 2 Mark Thomas 2009-10-03 11:20:13 UTC
This has been fixed in 6.0.x and will be included in 6.0.21 onwards.