• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Question about URL rewriting

 
Ranch Hand
Posts: 379
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
When cookies are disabled, does the Container *always* append the session ID (doesn't matter if new or old) to the response? I'm reading HF, and I know that I can use response.encodeURL("/myResource.do").

My scenario, is as follows (imagining it with cookies disabled):

Request -> ServletA -> Business Delegate -> Model (get Data) -> ServletA (with data) -> set data as session attributes -> RequestDispatcher.forward() to a JSP page, which displays data

My question is: will the JSP have the session ID when the response will be sent? Does the container append the session ID at the end of the response? If the session ID is available, is it enough for me to create all the URLs with <c:url> to have the session ID automatically appended?

If I haven't got any URLs (let's say I have got a form with POST method), shall I append the session ID to the 'action' attribute of the form element? If so, how can I do it? The problem here in my scenario is that potentially all the servlets don't write directly to the response, so these can't use response.encodeURL(), but at the same time I'd like my application to be as much popular as possible.

Thanks,
[ October 18, 2004: Message edited by: Marco Tedone ]
 
Ranch Hand
Posts: 39
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
I dont see any problem with your application, just wherever the urls are being written to the response ,wrap them using response.encodeURL or use c:url tag.

if you have a form ,encolse the action attribute value using either of the one.
hope this helps
 
alzamabar
Ranch Hand
Posts: 379
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm still having problems with URL rewriting. I'm using IE6, and disabled completely Cookies (as a matter of fact, when I accessed this site, although I've logged in, the system kept telling me that I had to log in...maybe a bug? ) )

However, I disabled cookies because I wanted to try URL rewriting. However, when I print the content of the request header I get the following:

2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Is the session new?:false
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Session id:31E5350DD4691BEA17C54D4CF66331D1
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Is the session id from cookies?:true
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:acceptvalue:image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:referervalue:http://localhost:8585/Beer-v1/RequestResponse.do;jsessionid=31E5350DD4691BEA17C54D4CF66331D12004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:accept-languagevalue:en-gb
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:content-typevalue:application/x-www-form-urlencoded
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:accept-encodingvalue:gzip, deflate
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:user-agentvalue:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:hostvalue:localhost:8585
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:content-lengthvalue:0
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:connectionvalue:Keep-Alive
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:cache-controlvalue:no-cache
2004-10-19 20:57:33 StandardContext[/Beer-v1]SecondRequest: Header:cookievalue:JSESSIONID=31E5350DD4691BEA17C54D4CF66331D1


As you can see the cookie with the JSESSIONID has been put in the request header.
[ October 19, 2004: Message edited by: Marco Tedone ]
 
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I don't completely understand your question, but could it have something to do with the fact that the container attempts to use both cookies and URL rewriting at first... subsequently defaulting to cookies if they work and URL rewriting if cookies don't work?
 
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Take view source of the page and see whether the session id is getting passed.
 
Ranch Hand
Posts: 4982
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Have you tried remove the cookie from your file system as well, instead of just disabling it in IE?

Nick
 
alzamabar
Ranch Hand
Posts: 379
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes. Actually I deleted all cookies but the session id doesn't get passed and the browser still uses cookies.
 
Nicholas Cheung
Ranch Hand
Posts: 4982
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


Yes. Actually I deleted all cookies but the session id doesn't get passed and the browser still uses cookies.




How can this be possible?!~~~ When does the cookie info come from then, if the cookies are all destroyed!!!

Have you checked whether there are other cookies files???

Nick
 
author
Posts: 199
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Marco,

It is important to recongize *all* URLs in the HTML that your JSPs generate and encode all of these using the c:url JSTL tag. Off the top of my head, these are the most important URL "locations:"







There are other URL locations, such as links that load CSS or JavaScript files into the browser, but these three are the biggies.

The issues you are seeing with IE (passing cookies after you turned them off) could very well be an IE bug. Wouldn't be the first time.

-Bryan
 
alzamabar
Ranch Hand
Posts: 379
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Bryan Basham:
Hi Marco,

It is important to recongize *all* URLs in the HTML that your JSPs generate and encode all of these using the c:url JSTL tag. Off the top of my head, these are the most important URL "locations:"







There are other URL locations, such as links that load CSS or JavaScript files into the browser, but these three are the biggies.

The issues you are seeing with IE (passing cookies after you turned them off) could very well be an IE bug. Wouldn't be the first time.

-Bryan



For actions I've used:

<c:url var="actionUrl" value="myAction.do" />

<form action='<c ut value="${actionUrl}" />' method="post" />
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic