• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Cookies and response.sendRedirect

 
Ranch Hand
Posts: 365
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all-
I�m writing a servlet filter to redirect various URLs in our applications.
It works in conjunction with an Authentication Filter.
1)The Authentication Filter puts authentication parms into the request header for apps to use (using req.setAttribute).
2)The Redirect Filter intercepts various pages, checks the authentication parms, and may redirect to an appropriate page (usually a start page).
The part I�m having problems with is that the redirect filter must a) set more parms in the request header (using req.setAttribute) and b) set a cookie before it redirects. This is not being done, I suspect, because the redirect (response.sendRedirect) is ignoring them. I have to use response.redirect as the redirected URL can be on another server.
Can I do this? Redirect AND set parms + cookie as well?
I�m using WAS 5.1.
Thanks,
Max Tomlinson
 
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Short answer - No
Because redirect tells the browser to generate a new request to a different URL, nothing your servlet does can change the headers that the browser will create for that request.
You can forward a modified request but redirect can only set the URL.
You might sent a response that contains a page full of JavaScript that generates a new request but I don't know if JavaScript will let you do everything you want.
Bill
 
Max Tomlinson
Ranch Hand
Posts: 365
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Bill-
Let me make sure I've got this right:
I can't use a RequestDispatcher since some of my redirected urls will be on other servers--right? Apart from the javascript approach you mentioned my only option is to use response.sendRedirect, correct?
Which means no modifying of headers or cookies, I guess.
thanks
Max
 
William Brogden
Author and all-around good cowpoke
Posts: 13078
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
One option that has been discussed here before is to have your servlet make the connection to the other server, using request variables your servlet creates - in effect, your servlet creates a client for the other service and relays the output of the other service to your real client. This gets pretty complicated for all but the simplest responses.
Bill
 
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The key with response.sendRedirect is that the browser will make a "brand new request" for the resource you are redirecting to. In that way, you loose all attributes that you set on the 'previous' request.

One option is to use request parameters instead. You could do something like:

String redir = "/foo?a=x&b=y";
response.sendRedirect(redir);

But then your parameters are visible.

The other option was what Bill was mentioning - a page of javascript with a form that submits on page load (with method=post). Then you'd still need to be looking in the request parameter space (not attributes).


As a side note... setting a cookie with response.sendRedirect seems to work, I just tried it the other day and it works. Tomcat 4.1.29, IE 6, Mozilla.

I suspect that browsers are capable of acting appropriately to both a cookie in the header, and a 300-type "find that page over here" header.
 
Max Tomlinson
Ranch Hand
Posts: 365
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Mike, Bill-
Thanks for the replies:
Mike:
So setting a cookie in the header DOES work for IE 6?
I'll have to double-check...I didn't see where that was happening.
thanks again
Max
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
seems to.

the code below (in a servlet) works for me.

To get IE to slow down and show you cookies:
Tools | Internet Options | Privacy tab | Advanced button
Check the 'override' box and select 'prompt' for first-party cookies. And make sure the 'accept session cookies' is unchecked.

I'm able to see both my jsessionid cookie and my other manually set cookie being set, and then the redirect occurs. The cookie is still good after this.
 
Consider Paul's rocket mass heater.
reply
    Bookmark Topic Watch Topic
  • New Topic