Win a copy of Machine Learning with R: Expert techniques for predictive modeling this week in the Artificial Intelligence and Machine Learning forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Junilu Lacar
  • Jeanne Boyarsky
  • Bear Bibeault
Sheriffs:
  • Knute Snortum
  • Tim Cooke
  • Devaka Cooray
Saloon Keepers:
  • Ron McLeod
  • Stephan van Hulst
  • Tim Moores
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • Frits Walraven
  • Ganesh Patekar

jsessionId in the URL throwing error page

 
Ranch Hand
Posts: 227
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have few JSPs for which jsessionIds are getting appended in the URL, there are different ways to remove the jsessionId from the URL. What is the best possible solution. I am using weblogic. If the cookies are not enabled or cleared by the user , we need jsessionId for tracking , but if we remove jsessionId also then whether it will be a problem as there wont be any way to track the user (both cookie and session wont be there) ? Also for secure HTTPS url jsessionId is needed? and will be created still by the container? Please clarify.

Thanks
 
Rithanya Laxmi
Ranch Hand
Posts: 227
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Experts any update on this?
 
Ranch Hand
Posts: 353
2
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I don't understand the whole picture.

You want to remove jsessionid, but still track a web session ?

Regards,

Germán

 
German Gonzalez-Morris
Ranch Hand
Posts: 353
2
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anyway, you can use cookies instead, and this must be configured in weblogic.xml

https://docs.oracle.com/middleware/1212/wls/WBAPP/weblogic_xml.htm#r14c1-t9

 
Rithanya Laxmi
Ranch Hand
Posts: 227
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks, if i enable the cookies in weblogic.xml, if the user clears the cookie in his browser what will happen? whether still the Cookie will be enabled as we are removing all the jsessionId? please clarify.
 
Sheriff
Posts: 21805
104
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If a user removes all his cookies, including the session cookie, then WebLogic will not recognise an existing session for the next request. It's up to your application to determine what to. Probably the user needs to login again.
 
Rithanya Laxmi
Ranch Hand
Posts: 227
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks, is there any other option other than the application prompting user to login again to track the user session? I understand that if both cookie and session cookie are removed the only way is to ask the user to login? Is there any other alternative
 
Rob Spoor
Sheriff
Posts: 21805
104
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If the user removed his session id cookie, there is no chance your application can identity this user accurately. You can't use the IP address because the user may share his Internet connection with others (e.g. in companies, or even home networks).
 
Brace yourself while corporate america tries to sell us its things. Some day they will chill and use tiny ads.
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!