Wednesday, November 4, 2009

Jetty bug in url session tracking

Jetty is an amazing servlet container with an excellent architecture and splendid code. But it is not free of bugs. Weeks ago when I was working on porting an old application, which has been running in Tomcat for years, to Jetty, I realised that the code about tracking sessions using url instead of cookies is erroneous.

The origin of the problem is that Jetty doesn't expect more than one parameter in the url part reserved for the session identifier.

For instance, this url is correctly handled:;jsessionid=blablabla?query_string 

But this one fails:;jsessionid=blablabla;ramdomstr=123123?query_string 

I've reported this problem to Jetty's guys.