Regarding URL rewriting for session support, which of the following is true?
1.Every URL that the client uses must include jsessionid.
2.Only the first request that the client makes must include jsessionid.
And what's the right answer ? Enthruware is claiming 1.
But I think 2:
yes - but you cant be sure if client uses cookiek or not
so you should everywhere in your code use url rewriting (if you want to be flexible and work with users with and without cookies) and smart container should detect if client has cookies enabled, and add (or not) jsessionid to all urls.
so my question stays open.
I can agree -
if user is not accepting cookies - all urls are appended by jsessionid
but if user is accepting cookies - only first (and maybe second) request must be appended (and after that container knows that user is accepting cookies, and all session keeping is based on cookies)
I understand what you mean. Checking if adding the jsessionid is necessary or not is part of "URL rewriting" is debatable.
Does URL rewriting simlpy means "adding the jsessionid" to the url ? Or does it include checking whether or not it is necessary ? I think it's HttpServletResponse#encodeURL's job to check it. But is it part of URL rewriting ?
SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a client will not accept a cookie, URL rewriting may be used by the server as the basis for session tracking. URL rewriting involves adding data, a session ID, to the URL path that is interpreted by the container to associate the request with a session. The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid.
I feel that the part in bold implies that the checking process is not part of url rewriting. What do you think ?
Joined: Aug 04, 2009
tnx - now I thing you have right
I was assuming that HttpServletResponse#encodeURL = url rewriting, but SRV.7.1.3 URL Rewriting clearly says that it's not.