aspose file tools*
The moose likes Servlets and the fly likes Cookies and response.sendRedirect Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Cookies and response.sendRedirect" Watch "Cookies and response.sendRedirect" New topic
Author

Cookies and response.sendRedirect

Max Tomlinson
Ranch Hand

Joined: Jul 17, 2001
Posts: 365
Hi all-
I�m writing a servlet filter to redirect various URLs in our applications.
It works in conjunction with an Authentication Filter.
1)The Authentication Filter puts authentication parms into the request header for apps to use (using req.setAttribute).
2)The Redirect Filter intercepts various pages, checks the authentication parms, and may redirect to an appropriate page (usually a start page).
The part I�m having problems with is that the redirect filter must a) set more parms in the request header (using req.setAttribute) and b) set a cookie before it redirects. This is not being done, I suspect, because the redirect (response.sendRedirect) is ignoring them. I have to use response.redirect as the redirected URL can be on another server.
Can I do this? Redirect AND set parms + cookie as well?
I�m using WAS 5.1.
Thanks,
Max Tomlinson
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12681
    
    5
Short answer - No
Because redirect tells the browser to generate a new request to a different URL, nothing your servlet does can change the headers that the browser will create for that request.
You can forward a modified request but redirect can only set the URL.
You might sent a response that contains a page full of JavaScript that generates a new request but I don't know if JavaScript will let you do everything you want.
Bill


Java Resources at www.wbrogden.com
Max Tomlinson
Ranch Hand

Joined: Jul 17, 2001
Posts: 365
Thanks Bill-
Let me make sure I've got this right:
I can't use a RequestDispatcher since some of my redirected urls will be on other servers--right? Apart from the javascript approach you mentioned my only option is to use response.sendRedirect, correct?
Which means no modifying of headers or cookies, I guess.
thanks
Max
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12681
    
    5
One option that has been discussed here before is to have your servlet make the connection to the other server, using request variables your servlet creates - in effect, your servlet creates a client for the other service and relays the output of the other service to your real client. This gets pretty complicated for all but the simplest responses.
Bill
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

The key with response.sendRedirect is that the browser will make a "brand new request" for the resource you are redirecting to. In that way, you loose all attributes that you set on the 'previous' request.

One option is to use request parameters instead. You could do something like:

String redir = "/foo?a=x&b=y";
response.sendRedirect(redir);

But then your parameters are visible.

The other option was what Bill was mentioning - a page of javascript with a form that submits on page load (with method=post). Then you'd still need to be looking in the request parameter space (not attributes).


As a side note... setting a cookie with response.sendRedirect seems to work, I just tried it the other day and it works. Tomcat 4.1.29, IE 6, Mozilla.

I suspect that browsers are capable of acting appropriately to both a cookie in the header, and a 300-type "find that page over here" header.
Max Tomlinson
Ranch Hand

Joined: Jul 17, 2001
Posts: 365
Mike, Bill-
Thanks for the replies:
Mike:
So setting a cookie in the header DOES work for IE 6?
I'll have to double-check...I didn't see where that was happening.
thanks again
Max
Mike Curwen
Ranch Hand

Joined: Feb 20, 2001
Posts: 3695

seems to.

the code below (in a servlet) works for me.

To get IE to slow down and show you cookies:
Tools | Internet Options | Privacy tab | Advanced button
Check the 'override' box and select 'prompt' for first-party cookies. And make sure the 'accept session cookies' is unchecked.

I'm able to see both my jsessionid cookie and my other manually set cookie being set, and then the redirect occurs. The cookie is still good after this.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Cookies and response.sendRedirect
 
Similar Threads
Restrict direct access to my actions?
Servlet to html
request.set/get Attribute error
Using Filters with Struts
How to set custom HTTP REQUEST HEADER