#springUrl does not run encodeURL() [SPR-5134] #9807
Assignees
Labels
in: web
Issues in web modules (web, webmvc, webflux, websocket)
type: enhancement
A general enhancement
Milestone
Comments
spring-projects-issues
added
type: enhancement
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Sutra Zhou opened SPR-5134 and commented
The API of JEE says:
Encodes the specified URL by including the session ID in it, or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL. For example, if the browser supports cookies, or session tracking is turned off, URL encoding is unnecessary.
For robust session tracking, all URLs emitted by a servlet should be run through this method. Otherwise, URL rewriting cannot be used with browsers which do not support cookies.
So we should do this:
#**
*#
#macro( springUrl $relativeUrl )$response.encodeURL("$springMacroRequestContext.getContextPath()${relativeUrl}")#end
No further details from SPR-5134
The text was updated successfully, but these errors were encountered: