Session not working on IE with high security

 
Greenhorn
Posts: 10
Hi,

I have got an application running based on struts.
It's using session to store different things.

It works fine on IE when the security level is intermediate. But when it's higher (like do not accept cookies), it does not create or store the session.

Do you have a solution or a workaround?

Should I pass a sessionId in all my URLs, for instance?

sandy
 
Ranch Hand
Posts: 342
Sandy,

This one probably belongs in the Servlet forum, but here goes. Yes, if the browser will not accept cookies you will have to fall back to URL rewriting, passing a jsessionid with each URL. Take a look at encodeURL() in HttpResponse
 
Sheriff
Posts: 4313
As Ben pointed out, this is a better fit in the Servlets forum. So I'm moving it. Please continue the conversation there.

Thanks!
 
Sheriff
Posts: 13411
You can tweak the cookie settings in MSIE to always allow session cookies.

See:
https://coderanch.com/t/288508/JSP/java/Session-IE
 
Ranch Hand
Posts: 294
URL overwriting session support is supposed to work with any security settings. Check if struts and your servlet container are friendly for this feature, because it's a pain to add the session id in every URL manually.
 
sandy Lapoule
Greenhorn
Posts: 10
Thanks for your replies.

Changing IE feature can't work for me: then users of the website think it's buggy because they don't go to the FAQ to identify their technical problem...

> Check if struts and your servlet container are friendly for this feature
How do you check and change it?
In conf files?
 
Ben Souther
Sheriff
Posts: 13411
By default, MSIE recognizes session cookies.
If your customers are altering the settings to tighten up security, you may be able to sway them to explicitly allow session cookies.

Otherwise, you'll need to go with url rewriting.

Originally posted by sandy Lapoule:

> > Check if struts and your servlet container are friendly for this feature
> How do you check and change it?
> In conf files?

No, it will involve more than just a configuration change.
Every hyperlink and form action will have to be urlEncoded to include the session id.

see:
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String)

If Struts has tags for building URLs (it's been a while since I've worked with a Struts app) and all of your hyperlinks use them, it may be possible to turn on the feature. Check with the Struts documentation.
You will also have to check all of the form action attributes.
[ November 23, 2005: Message edited by: Ben Souther ]
 
sandy Lapoule
Greenhorn
Posts: 10
And that encodeURL(java.lang.String), where should I call it?
In my struts action (at the beginning or end of the action) or on the client side?

For the client side, I am using velocity so I am not even sure to be able to call anything to rewrite the url...

I just disabled cookies on the context: directly on my first page it's not working since I can't already give it any sessionid in parameter since I don't have any yet. Should I redirect it at the beginning in my CustomRequestProcessor?

I don't really understand how all that is working...
[ November 23, 2005: Message edited by: sandy Lapoule ]
 
Ben Souther
Sheriff
Posts: 13411
I would dig into the struts documentation and see if there is a mechanism for handling this. Things like this, after all, are why we turn to frameworks in the first place.

If Struts doesn't handle this for you or if your hyperlinks and form action attributes weren't built with whatever Struts offers, then you will need to go through all of your pages and wrap the links with this call.

By the way, we have a Struts forum on this site.
 
sandy Lapoule
Greenhorn
Posts: 10
Could anyone provide me with some sample? I can't find any...

thanks
 
sandy Lapoule
Greenhorn
Posts: 10
OK, for the hyperlink, I found the solution for velocity: I just added the response in the request so that velocity can use it.

> Every hyperlink and form action will have to be urlEncoded to include the session id.
Concerning the form action: what needs to be done exactly?
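
An added example, not part of any post in this thread: a plain servlet that applies the encodeURL() call discussed above to a hyperlink, a form action and a redirect. The class name and the /cart, /search and /done paths are hypothetical; the javax.servlet API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet: class name and target paths are made up for illustration.
public class RewriteDemoServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Create the session before encoding any URL: encodeURL() only has an
        // id to append once a session exists for this request.
        HttpSession session = request.getSession(true);
        session.setAttribute("visited", Boolean.TRUE);

        String ctx = request.getContextPath();
        // encodeURL() leaves the URL unchanged when the browser returned the
        // session cookie and appends ;jsessionid=<id> when it did not. On the
        // first request the container cannot tell yet, so it typically does both.
        String link = response.encodeURL(ctx + "/cart");
        String action = response.encodeURL(ctx + "/search");

        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<html><body>");
        out.println("<a href=\"" + link + "\">View cart</a>");
        // A form action is a URL like any other and needs the same call,
        // otherwise the POST arrives without a session id.
        out.println("<form method=\"post\" action=\"" + action + "\">");
        out.println("<input type=\"text\" name=\"q\"/>");
        out.println("<input type=\"submit\" value=\"Search\"/>");
        out.println("</form></body></html>");
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        // Redirect targets go through encodeRedirectURL(), not encodeURL().
        String target = response.encodeRedirectURL(request.getContextPath() + "/done");
        response.sendRedirect(target);
    }
}
```

With rewriting active the session id is part of the URL, so it also appears in access logs, browser history and Referer headers sent to linked sites.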
 