tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <j...@ultratechpartners.com>
Subject Re: URL rewriting For Session Tracking
Date Thu, 04 Jan 2007 12:01:43 GMT
Hi Bill,

In my case, I can't use taglibs since I am generating the code dynamically.
But even if I could use taglibs, then part of what the taglib does is really
using response.encodeURL("second.jsp") to do the URL rewriting without you
having to worry about it.  So, I think the ultimate answer is that yes, I
need to do URL rewriting for each individual link in my server manually if I
want user connections to have a session associated with them; any link that
I don't do this for, and the user clicks on will cause the session to be
lost.  And as a result, there is no magic switch that Tomcat or any filter
has that I can turn on to have this automatically done.  This is really what
I want to know, that there is no magic switch that I am missing on.

The problem is that I have thousands of links in my pages, and now I have to
go in and change each one of them so that they do URL rewriting in case the
user's doesn't allow cookies.

Am I correct in assuming that there is no magic switch in Tomcat or anywhere
to have url rewriting done for me?

By the way, I know that I can write a servlet filter that would parse the
response being sent to the user and do URL rewriting for any link in the
response, but I think that is considered a bad practice since then every
link will have the jsessionid with it.  Suppose I am linking to
www.yahoo.com which is outside my application, then the jsessionid will be
associated with that link as well which someone had mentioned it is not a
safe practice.

Thanks,
Kasra






----- Original Message ----- 
From: "Bill Barker" <wbarker@wilshire.com>
To: <users@tomcat.apache.org>
Sent: Wednesday, January 03, 2007 11:51 PM
Subject: Re: URL rewriting For Session Tracking


> Usually you would use a tag lib for this sort of thing.  With struts, it 
> would look something like:
>  <html:a href="second.jsp">second page </html:a>
>
> <jobs@ultratechpartners.com> wrote in message 
> news:00d501c72fc8$1cb11340$3c34de0a@shahpoor...
>> Your reply answered another question that I had.  But I think I still 
>> haven't described my current question clearly.  suppose I have 3 JSP 
>> pages in my application.
>> --
>> first.jsp
>> second.jsp
>> third.jsp
>> --
>> Now, in my first.jsp, I have nothing but 2 links to the other two JSP 
>> pages. If I want the session to be maintain when use clicks on the links 
>> to go to the other pages, then can first.jsp be the following:
>> --
>> <a href="second.jsp">second page</a>
>> <a href="third.jsp">third page</a>
>> --
>> Or, the code in first.jsp must be the following:
>> --
>> <a href='<%=response.encodeURL("second.jsp")%>'>second page</a>
>> <a href='<%=response.encodeURL("second.jsp")'%>>second page</a>
>> ----
>>
>> Note:  If I use the first syntax, then unless Tomcat or some patch or 
>> filter parse the code and add the jsessionid to the link automatically, 
>> then the user will be losing the session when to goes from first.jsp to 
>> the other ones.  And that's my question; can I use the first syntax.  Or 
>> there is no way but to use the second syntax if I want the session to be 
>> kept.
>>
>>
>> Thanks,
>> Kasra
>> ----- Original Message ----- 
>> From: "Caldarale, Charles R" <Chuck.Caldarale@unisys.com>
>> To: "Tomcat Users List" <users@tomcat.apache.org>
>> Sent: Wednesday, January 03, 2007 9:56 PM
>> Subject: RE: URL rewriting For Session Tracking
>>
>>
>>> From: jobs@ultratechpartners.com [mailto:jobs@ultratechpartners.com]
>>> Subject: Re: URL rewriting For Session Tracking
>>>
>>> Basically I have a webapp and I want to have a session
>>> for each user that connects to my server (just the usual
>>> servlet session that is created with jsessionid).  Do I
>>> have to wrap every link that I have in my webapp with an
>>> Httpservletresponse.encodeURL()?
>>
>> No.  As I recall, Tomcat will not create a session automatically unless
>> it's absolutely necessary (e.g., tracking authenticated users) or the
>> application requests it.  I'm not aware of any config parameter that
>> will force creation of sessions for all clients, but all you should have
>> to do is put the following somewhere in the request processing path of
>> each servlet:
>>        request.getSession(true);
>>
>> This doesn't need to go into your servlet or JSP code - you can write a
>> simple filter class that does nothing but run the above code to force
>> the creation of a session if one doesn't already exist.  The filter
>> mapping can go into conf/web.xml so it will apply to all apps deployed
>> within your Tomcat instance, or in each appropriate webapp's web.xml
>> file.
>>
>> Note that per the servlet spec, Tomcat will use cookies not URL
>> rewriting for session tracking; it will fall back to URL rewriting if
>> the client refuses cookies.  You can also disable use of cookies by
>> setting cookies="false" in your <Context> elements (or the global
>> conf/context.xml file).
>>
>> - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail
>> and its attachments from all computers.
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>> ---------------------------------------------------------------------
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
>
>
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
> 


---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message