Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Sheriffs:
  • Tim Cooke
  • Knute Snortum
  • Bear Bibeault
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Ganesh Patekar
Bartenders:
  • Frits Walraven
  • Carey Brown
  • Tim Holloway

jsessionId in the URL throwing error page

 
Ranch Hand
Posts: 227
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I have few JSPs for which jsessionIds are getting appended in the URL, there are different ways to remove the jsessionId from the URL. What is the best possible solution. I am using weblogic. If the cookies are not enabled or cleared by the user , we need jsessionId for tracking , but if we remove jsessionId also then whether it will be a problem as there wont be any way to track the user (both cookie and session wont be there) ? Also for secure HTTPS url jsessionId is needed? and will be created still by the container? Please clarify.

Thanks
 
Rithanya Laxmi
Ranch Hand
Posts: 227
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Experts any update on this?
 
Ranch Hand
Posts: 352
2
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello,

I don't understand the whole picture.

You want to remove jsessionid, but still track a web session ?

Regards,

Germán

 
German Gonzalez-Morris
Ranch Hand
Posts: 352
2
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Anyway, you can use cookies instead, and this must be configured in weblogic.xml

https://docs.oracle.com/middleware/1212/wls/WBAPP/weblogic_xml.htm#r14c1-t9

 
Rithanya Laxmi
Ranch Hand
Posts: 227
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks, if i enable the cookies in weblogic.xml, if the user clears the cookie in his browser what will happen? whether still the Cookie will be enabled as we are removing all the jsessionId? please clarify.
 
Sheriff
Posts: 21758
102
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If a user removes all his cookies, including the session cookie, then WebLogic will not recognise an existing session for the next request. It's up to your application to determine what to. Probably the user needs to login again.
 
Rithanya Laxmi
Ranch Hand
Posts: 227
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks, is there any other option other than the application prompting user to login again to track the user session? I understand that if both cookie and session cookie are removed the only way is to ask the user to login? Is there any other alternative
 
Rob Spoor
Sheriff
Posts: 21758
102
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If the user removed his session id cookie, there is no chance your application can identity this user accurately. You can't use the IP address because the user may share his Internet connection with others (e.g. in companies, or even home networks).
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!