aspose file tools*
The moose likes Servlets and the fly likes Session ID conveyed as part of URL Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Session ID conveyed as part of URL" Watch "Session ID conveyed as part of URL" New topic
Author

Session ID conveyed as part of URL

Deepak Aneja
Greenhorn

Joined: Mar 10, 2006
Posts: 3
Hello,
We have build struts based application,deployed on Tomcat and Weblogic. Sometimes while navigating web pages jsessionid is appended to URL which is not required by our client.Is there any way to truncate sessionid from URL.

If some changes from server side is required ,Please also tell me which all files needed to be changed both at Tomcat as well as on Weblogic.

Thanks in advance


Deepak Aneja
Anupam Sinha
Ranch Hand

Joined: Apr 13, 2003
Posts: 1088
I guess using the encodeURL causes this kind of behaviour. Check in case your application is using it somewhere. Before removing make sure that if the client does not support cookies then it might be prety hard for you to maintain the state.
Deepak Aneja
Greenhorn

Joined: Mar 10, 2006
Posts: 3
Originally posted by Anupam Sinha:
I guess using the encodeURL causes this kind of behaviour. Check in case your application is using it somewhere. Before removing make sure that if the client does not support cookies then it might be prety hard for you to maintain the state.


Hi Anupam thanks for reply,
Problem is client does not support cookies,so we have to find some solution
which overcome this problem, might be some changes at server side for redirection rule or something.Any ideas will be appreciated.
Anupam Sinha
Ranch Hand

Joined: Apr 13, 2003
Posts: 1088
I think that it would be pretty difficult to maintain the state in case you are not using URL rewriting and are also not using cookies. Can you switch over to https. Probably that might help you.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

JSP sessions are maintained in one of two ways.
Cookies or URL Re-writing.

If your client doesn't support cookies and you're using sessions, then the session id in the url will need to stay.

There is actually a third way too.
It can use the mechanisms provided by SSL.
[ March 10, 2006: Message edited by: Ben Souther ]

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Deepak Aneja
Greenhorn

Joined: Mar 10, 2006
Posts: 3
Originally posted by Anupam Sinha:
I think that it would be pretty difficult to maintain the state in case you are not using URL rewriting and are also not using cookies. Can you switch over to https. Probably that might help you.


Hi Anupam thanks for reply,
We are already using https,there is one confusion in your reply.What exactly do you mean by URL rewriting?

OK let me explain you my problem further.First, We are using servlet API HttpSession object for maintaining session information does it mean same as URL Rewriting?

Second, jsessionid is displayed only once when we access our Application URL and click on any of one link within application , after that jsessionid never appears in URL within same browser.In short for every new browser,jsessionid will appear once.


I hope that with these two points problem will be more clear to you.

thanks and suggestion will be appreciated.
Anupam Sinha
Ranch Hand

Joined: Apr 13, 2003
Posts: 1088
I guess that its the second time you request for a page that the session ID is displayed. For example : After login the second request that the client sends in contains the jsessionID?

Well probably I will also have to search a solution if possible. I haven't ever come across such a scenario. Probably Ben, Bear or David would be in a better position to help. Will try and think about this one.

URL re-witing is simply suffixing the URL with the session ID. Yeah if you are using Sessions then the container needs to maintain sessions and for the container that would be either through cookies and/or URL re-writing.

If you are using https. I guess thats a protocol that can maintain state?
[ March 10, 2006: Message edited by: Anupam Sinha ]
Bosun Bello
Ranch Hand

Joined: Nov 06, 2000
Posts: 1506
If you are generating your URLs using struts via the html:??? tag, all URLs on the first entry point into your application referencing your site are automatically rewritten. Why? Because the container does not know if the browser supports cookies or not. After the first request, the container will then find out that the browser supports cookies, and this, will not need to rewrite any URLs.


Bosun (SCJP, SCWCD)
So much trouble in the world -- Bob Marley
Vishnu Prakash
Ranch Hand

Joined: Nov 15, 2004
Posts: 1026

Second, jsessionid is displayed only once when we access our Application URL and click on any of one link within application , after that jsessionid never appears in URL within same browser.In short for every new browser,jsessionid will appear once.


For the first time container uses both cookies as well as URL-Rewriting for maintaining session. When client accepts cookies then JSESSIONID will NOT be appended to your URL. As per what you had said this should be the case.

You had also mentioned your application also uses HTTPS. Probably that might have been used initially for transfering user crendentials safely and switch back to HTTP.


If you are using https. I guess thats a protocol that can maintain state?


Yes HTTPS maintains session internally. NO Cookie (or) URLRewriting is required.


Servlet Spec 2.4/ Jsp Spec 2.0/ JSTL Spec 1.1 - JSTL Tag Documentation
Jainbai Berchmance
Greenhorn

Joined: Feb 08, 2010
Posts: 17
Any solution for the above issue?It would be very helpful,if you could provide a any updates on this..Most welcome
 
 
subject: Session ID conveyed as part of URL
 
Similar Threads
WebLogic Questions
Problem Migrating a Project from Weblogic 9.2 to Tomcat 6.0.29
Query reg Tomcat connection pool
No class def found : com/bea/xml/XMLException
Steps Required:WAR file