tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <>
Subject Re: URL rewriting For Session Tracking
Date Thu, 04 Jan 2007 06:18:11 GMT
Your reply answered another question that I had.  But I think I still 
haven't described my current question clearly.  suppose I have 3 JSP pages 
in my application.
Now, in my first.jsp, I have nothing but 2 links to the other two JSP pages. 
If I want the session to be maintain when use clicks on the links to go to 
the other pages, then can first.jsp be the following:
<a href="second.jsp">second page</a>
<a href="third.jsp">third page</a>
Or, the code in first.jsp must be the following:
<a href='<%=response.encodeURL("second.jsp")%>'>second page</a>
<a href='<%=response.encodeURL("second.jsp")'%>>second page</a>

Note:  If I use the first syntax, then unless Tomcat or some patch or filter 
parse the code and add the jsessionid to the link automatically, then the 
user will be losing the session when to goes from first.jsp to the other 
ones.  And that's my question; can I use the first syntax.  Or there is no 
way but to use the second syntax if I want the session to be kept.

----- Original Message ----- 
From: "Caldarale, Charles R" <>
To: "Tomcat Users List" <>
Sent: Wednesday, January 03, 2007 9:56 PM
Subject: RE: URL rewriting For Session Tracking

> From: []
> Subject: Re: URL rewriting For Session Tracking
> Basically I have a webapp and I want to have a session
> for each user that connects to my server (just the usual
> servlet session that is created with jsessionid).  Do I
> have to wrap every link that I have in my webapp with an
> Httpservletresponse.encodeURL()?

No.  As I recall, Tomcat will not create a session automatically unless
it's absolutely necessary (e.g., tracking authenticated users) or the
application requests it.  I'm not aware of any config parameter that
will force creation of sessions for all clients, but all you should have
to do is put the following somewhere in the request processing path of
each servlet:

This doesn't need to go into your servlet or JSP code - you can write a
simple filter class that does nothing but run the above code to force
the creation of a session if one doesn't already exist.  The filter
mapping can go into conf/web.xml so it will apply to all apps deployed
within your Tomcat instance, or in each appropriate webapp's web.xml

Note that per the servlet spec, Tomcat will use cookies not URL
rewriting for session tracking; it will fall back to URL rewriting if
the client refuses cookies.  You can also disable use of cookies by
setting cookies="false" in your <Context> elements (or the global
conf/context.xml file).

 - Chuck

MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

To start a new topic, e-mail:
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message