• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to hide the jsessionid id in my address bar in servlet programming

 
sumanta panda
Ranch Hand
Posts: 224
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear Sir,

In my servlet proggram

when i am click the link of ApplicationStatus.jsp in the address bar the url link is showing http://01hw173228:81/help/ApplicationStatus.jsp.

When i submit the request it will go to servelt page in the and the request address bar is showing
http://01hw173228:81/servlet/customerserviceServlet.ApplicationStatusSevlet;jsessionid=D9D00D2A2C7D55901DCFFF992B8F8E75


My doubt is when i submit it should showing http://01hw173228:81/servlet/customerserviceServlet.ApplicationStatusSevlet

Not to display jsessionid=D9D00D2A2C7D55901DCFFF992B8F8E75.






Could you please suggest me how will i hide the jsessionid id in my address bar.

Thanks in advance.

Regards
Sumanta Panda
 
Bauke Scholtz
Ranch Hand
Posts: 2458
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you get it on every request, then you need to enable the cookies in your webbrowser. Otherwise the server will be unable to track the client and thus maintain the session.

If you get it on very first request only, then you may add a Filter which does a redirect on HttpSession#isNew().
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13058
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That jsessionid got written into the URL deliberately by the code that displayed the JSP where the link appeared.

Probably because that code detected that your browser is not allowing cookies.

Bill
 
Kenny Kuriakose
Greenhorn
Posts: 7
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Sumanta,

To answer this question, I need to ask you another question. Is this your first request in the session ?

Generally, it happens when the cookies are disabled. But, however even if cookies are enabled, first request will need to send jsessionid because the server does not yet know if browser supports cookies or not. Only when the second request comes back with a cookie, the server will realize that client supports cookies.

So, this is expected behavior in the first request ( whether cookies are enabled or not). But, for second request onwards, it depends on whether cookies are enabled.

Please correct me if I am wrong.

Thanks,
Kenny Kuriakose
SCJP, SCWCD, SCBCD, SCEA - part 1
 
sumanta panda
Ranch Hand
Posts: 224
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear William,
i need to show the url link in the address bar of the browser.
But here i am not passing any jession id.
ApplicationForm.action="<%=response.encodeURL("/servlet/customerserviceServlet.ApplicationStatusSevlet")%>";

Could you please let me know if thier is any method like encodeURL which will hide the jessionid.

Thanks in advance.
Regards
Sumanta Panda
 
Amit Ghorpade
Bartender
Posts: 2854
10
Fedora Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
sumanta, if you carefully read the posts above, its already mentioned that you dont append the jsesionid, its done by the server.
 
Ankit Garg
Sheriff
Posts: 9519
22
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sumanta if you don't want to append the jsessionid to the URL, then don't encode the URL. But as everyone is saying, in that case you will not be able to maintain session of clients who have cookies disabled in their browsers
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Take a look at the docs for the encodeURL method.
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String)



Encodes the specified URL by including the session ID in it, or, if encoding is not needed, returns the URL unchanged. The implementation of this method includes the logic to determine whether the session ID needs to be encoded in the URL. For example, if the browser supports cookies, or session tracking is turned off, URL encoding is unnecessary.

For robust session tracking, all URLs emitted by a servlet should be run through this method. Otherwise, URL rewriting cannot be used with browsers which do not support cookies.

Parameters:
url - the url to be encoded.
Returns:
the encoded URL if encoding is needed; the unchanged URL otherwise.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic