This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 405 - validator fails on rewritten tomcat URLs (;jsessionid=... dropped after semicolon)
Summary: validator fails on rewritten tomcat URLs (;jsessionid=... dropped after semic...
Alias: None
Product: Validator
Classification: Unclassified
Component: check (show other bugs)
Version: 0.7.0
Hardware: Other other
: P2 enhancement
Target Milestone: ---
Assignee: Terje Bless
QA Contact:
Depends on:
Reported: 2003-12-09 16:14 UTC by Ralf Hauser
Modified: 2004-05-16 08:43 UTC (History)
0 users

See Also:


Description Ralf Hauser 2003-12-09 16:14:18 UTC
My application rewrites the jsessionIDs always in the URL. I would assume, this
is easier for the validator to cope with than if it were to use cookies.

But still, for the above URL, I get
<< I got the following unexpected response when trying to retrieve

    500 Internal Server Error

Please make sure you have entered the URI correctly. >>
So, my interpretation is that it chops off anything after the semicolon, i.e. it
looses the sesson.

Therefore, it appears impossible with the current version to validate pages
where a user is logged in into a tomcat/struts session?
Comment 1 Ralf Hauser 2003-12-11 07:55:04 UTC
as per (Samuel), the URL must be encoded e.g.;jsessionid=69F4FB9E833C78B32C832A745790A1B9
        must be encoded (the uri attribute you're sending to validator). The
correct URL would be
 but just replacing the semicolon by %3B appears to be enough.

1) please warn the user, if a semicolon is encountered!
2) perhaps even amend the warning with some hints how to encode a URI (e.g.
which java library class to use?)
Comment 2 Terje Bless 2004-05-16 04:43:06 UTC
When you enter this URL into the form at, the Validator will
correctly deal with the semi-colon. The problem will only crop up when you try
to construct the URL manually.

We might conceivably detect this situation and emit a warning about it
(including the suggested fix), but given the amount of overhead involved and the
relative obscurity of the problem, I don't think we'll do anything about this in
the forseeable future.

Resolving WONTFIX, but feel free to reopen if I'm missing something.