File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Enthruware url rewriting question Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Enthruware url rewriting question" Watch "Enthruware url rewriting question" New topic
Author

Enthruware url rewriting question

Łukasz Suchecki
Ranch Hand

Joined: Aug 04, 2009
Posts: 55

Regarding URL rewriting for session support, which of the following is true?

1.Every URL that the client uses must include jsessionid.
2.Only the first request that the client makes must include jsessionid.


And what's the right answer ? Enthruware is claiming 1.

But I think 2:
When using url rewriting in your source code everything depends on how smart is the container. If it is "stupid", always when you use url rewriting it's always adding jsessionid to URL. But if it's "smart" jsessionid is added only to first request. If the container noticed that client uses cookies next requests will not have jsessionid in url because keeping session will be "cookie based".

Who is right ?
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

If the container noticed that client uses cookies next requests will not have jsessionid in url because keeping session will be "cookie based".

URL rewriting is used when the client does not accept cookies.


[My Blog]
All roads lead to JavaRanch
Łukasz Suchecki
Ranch Hand

Joined: Aug 04, 2009
Posts: 55
yes - but you cant be sure if client uses cookiek or not
so you should everywhere in your code use url rewriting (if you want to be flexible and work with users with and without cookies) and smart container should detect if client has cookies enabled, and add (or not) jsessionid to all urls.

so my question stays open.
I can agree -
if user is not accepting cookies - all urls are appended by jsessionid
but if user is accepting cookies - only first (and maybe second) request must be appended (and after that container knows that user is accepting cookies, and all session keeping is based on cookies)
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14688
    
  16

I understand what you mean. Checking if adding the jsessionid is necessary or not is part of "URL rewriting" is debatable.

Does URL rewriting simlpy means "adding the jsessionid" to the url ? Or does it include checking whether or not it is necessary ? I think it's HttpServletResponse#encodeURL's job to check it. But is it part of URL rewriting ?

SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a client will not accept a cookie, URL rewriting may be used by the server as the basis for session tracking. URL rewriting involves adding data, a session ID, to the URL path that is interpreted by the container to associate the request with a session. The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid.

I feel that the part in bold implies that the checking process is not part of url rewriting. What do you think ?
Łukasz Suchecki
Ranch Hand

Joined: Aug 04, 2009
Posts: 55
tnx - now I thing you have right

I was assuming that HttpServletResponse#encodeURL = url rewriting, but SRV.7.1.3 URL Rewriting clearly says that it's not.

Topic to close
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Enthruware url rewriting question