
URL Rewriting .. jsessionID appears only once in the session!

 
Muni K Reddy
Ranch Hand
Posts: 74


Hi Guys,
I was trying to run the above code from HF Servlets & JSPs. I am concentrating on URL Rewriting. I have disabled cookies and I click on the link "click me" in the page. As expected, I get jsessionid appended to the URL. However, for future clicks, there is no JsessionID in the URL. I wonder why this is happening. If cookies are disabled then jsessionID should always be returned, right???

Many Thanks!
[ August 29, 2007: Message edited by: Muni K Reddy ]
 
Ben Souther
Sheriff
Posts: 13411
If you don't already have either the LiveHttpHeaders or FireBug plugins for Firefox, you might want to grab them.

They're great tools for seeing, debugging, and understanding things like this.

I'm guessing that your browser is sending back the sessionId, even though you have cookies turned off.

MSIE, for instance, has separate settings for session cookies.
They're only stored in memory and aren't preserved when you shut down the browser. A tool that allows you to see the headers will let you see if the browser is passing the cookie or not.
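
The check suggested in the reply above can also be made from inside the application. The servlet below is an added example, not code from the thread or from the book; the class name SessionSourceServlet is hypothetical, and it assumes the javax.servlet (Servlet 2.4) API that Tomcat 5.5 provides.

```java
// Added diagnostic example; SessionSourceServlet is a hypothetical name.
// Assumes the javax.servlet (Servlet 2.4) API provided by Tomcat 5.5.
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class SessionSourceServlet extends HttpServlet {

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // Read what the browser sent BEFORE getSession() can create a session.
        String requestedId = req.getRequestedSessionId();   // null: no ID sent
        boolean fromCookie = req.isRequestedSessionIdFromCookie();
        boolean fromUrl = req.isRequestedSessionIdFromURL();
        boolean requestedValid = req.isRequestedSessionIdValid(); // false if expired

        HttpSession session = req.getSession();   // reuses or creates a session

        // encodeURL() lets the container decide whether ;jsessionid=... is
        // needed. When the request carried a session cookie, a container such
        // as Tomcat treats the browser as cookie-capable and returns the URL
        // unchanged, even if the session behind that cookie has expired.
        String link = resp.encodeURL(req.getRequestURI());

        // text/plain: the requested ID is client-controlled input, so it is
        // never rendered as HTML. no-store keeps session IDs out of caches.
        resp.setContentType("text/plain");
        resp.setHeader("Cache-Control", "no-store");
        PrintWriter out = resp.getWriter();
        out.println("requested session id : " + requestedId);
        out.println("  sent in Cookie     : " + fromCookie);
        out.println("  sent in URL        : " + fromUrl);
        out.println("  still valid        : " + requestedValid);
        out.println("current session id   : " + session.getId());
        out.println("session is new       : " + session.isNew());
        out.println("encodeURL() returned : " + link);
    }
}
```

If "sent in Cookie" reads true while cookies are supposedly disabled, the browser is still returning JSESSIONID, and that is why the rewritten URL disappears after the first click.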
 
Ben Souther
Sheriff
Posts: 13411
Just found the setting in MSIE.
Go to Tools -> Internet Options -> Privacy -> Advanced
From there, there are fine-grained controls that allow MSIE to accept session cookies, even if all other types of cookies are disabled.


[ August 28, 2007: Message edited by: Ben Souther ]
 
Muni K Reddy
Ranch Hand
Posts: 74
Thanks Ben,
Unchecked the "Always allow session cookie" link. Opened a new window and still no luck!! I use IE, as you guessed. Just googling to find a plugin tool similar to the one you have mentioned for Firefox (like the LiveHttpHeaders). It's most likely that your first guess (that sessionID is returned even if cookies are turned off) is right.

Thanks a lot!
 
Ben Souther
Sheriff
Posts: 13411
Did you restart MSIE after changing? Be sure to close ALL instances of it before starting a new one.
 
Muni K Reddy
Ranch Hand
Posts: 74
Originally posted by Ben Souther:
Did you restart MSIE after changing? Be sure to close ALL instances of it before starting a new one.


Thanks again Ben!
I just did the following:
  • Disabled cookies, unchecked the "Allow session cookies" check box.
  • Closed all open browser windows.
  • Deleted all existing cookies.
  • Double-checked the code, adding session.setMaxInactiveInterval(10); (which was commented in the code)

Results:
  • First instance, I get "clickme" and Welcome.
  • When I click on the link "clickme", the jsessionId gets appended. (I get "click me" Welcome Back)
  • Another click immediately, the jsessionID has vanished. (I get "click me" Welcome Back)
  • I allow the 10 seconds to pass, refresh the page, I get "click me" Welcome (which means new session), but there is no new JsessionID created when I click on "clickme"!!!
  • However, when I close the window and open a new instance and hit clickme, I get the jsessionId.

Do you think that's strange behaviour? When the session is deactivated, a new session and a new session ID must be created, right??
    [ August 29, 2007: Message edited by: Muni K Reddy ]
     
    Ben Souther
    Sheriff
    Posts: 13411
    Yes, when a session expires, a new one will be created on the next hit.

    Did you try another browser? Like FireFox?
     
    Ben Souther
    Sheriff
    Posts: 13411
    Also, what container are you using?
     
    Muni K Reddy
    Ranch Hand
    Posts: 74
    It works perfectly with Firefox!! Thank you!

    I'm using Tomcat 5.5 and was running on IE version 7.0.5.

    Thanks a ton!!
     
    Muni K Reddy
    Ranch Hand
    Posts: 74
    Does that mean it's a bug in IE?? Or is it a special feature??
     
    Ben Souther
    Sheriff
    Posts: 13411
    Originally posted by Muni K Reddy:
    Does that mean it's a bug in IE?? Or is it a special feature??


    Hehe, good question.
    Some might tell you that MSIE IS a bug.

    More seriously,
    MSIE uses core Windows API calls for almost all of its functionality.
    You might find that all of your settings won't take effect without a reboot of the machine (although in later versions, it's been better about these things).

    Tomcat has a feature that allows you to monitor the request headers.
    In the TOMCAT_INSTALL/conf/server.xml file, find and uncomment the
    requestDumperValve.

    Once you do this and restart Tomcat, it will start logging all of the request headers to one of the files under TOMCAT_INSTALL/logs.
    With that running, you should be able to see if MSIE is indeed sending you the sessionID cookie.

     
    Muni K Reddy
    Ranch Hand
    Posts: 74
    Ben,
    I did exactly that and IE does create the new session IDs, which I'm able to read in the Tomcat logs.
    I learnt a few good things today,
    Thanks a lot!!!
    [ August 28, 2007: Message edited by: Muni K Reddy ]
     