[jira] [Comment Edited] (OFBIZ-1690) Set widget default url encode value to true


Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-1690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15004201#comment-15004201 ]

Jacques Le Roux edited comment on OFBIZ-1690 at 11/13/15 4:21 PM:
------------------------------------------------------------------

It's always interesting to review old issues. Actually we are now (since [r1655803|http://svn.apache.org/viewvc?view=revision&revision=1655803] for OFBIZ-5312) in the reverse situation. By default we don't use jsessionId with <@ofbizUrl>. It now depends on the <jsessionid> parameter in Seo Config (SeoConfig.xml), because <@ofbizUrl> is associated with UrlRegexpTransform.

It's a good thing, because using [a session id|https://en.wikipedia.org/wiki/Session_ID] to identify and follow a session is now a deprecated technique [(notably for security reasons, see the OWASP link in this Stack Overflow question for details)|https://stackoverflow.com/questions/4722151/what-is-the-vulnerability-of-having-jsessionid-on-first-request-only] and everybody uses cookies (try to work a complete day with cookies disabled for an experience ;)).

So I close this issue as not a problem.




was (Author: jacques.le.roux):
It's always interesting to review all issues. Actually we are now (since [r1655803|http://svn.apache.org/viewvc?view=revision&revision=1655803] for OFBIZ-5312) in the reverse situation. By default we don't use jsessionId with <@ofbizUrl>. It now depends on the <jsessionid> parameter in Seo Config (SeoConfig.xml), because <@ofbizUrl> is associated with UrlRegexpTransform.

It's a good thing, because using [a session id|https://en.wikipedia.org/wiki/Session_ID] to identify and follow a session is now a deprecated technique [(notably for security reasons, see the OWASP link in this Stack Overflow question for details)|https://stackoverflow.com/questions/4722151/what-is-the-vulnerability-of-having-jsessionid-on-first-request-only] and everybody uses cookies (try to work a complete day with cookies disabled for an experience ;)).

So I close this issue as not a problem.



> Set widget default url encode value to true
> -------------------------------------------
>
>                 Key: OFBIZ-1690
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1690
>             Project: OFBiz
>          Issue Type: Bug
>          Components: framework
>    Affects Versions: Release 4.0, Trunk
>            Reporter: Bilgin Ibryam
>            Assignee: Jacques Le Roux
>            Priority: Minor
>         Attachments: encode.patch, encode.patch
>
>
> The bug is explained here: http://markmail.org/message/qoxevijc45yhaixo
> Can someone with framework access commit it please.
> Thanks,
> Bilgin



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)