Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 13205 invoked from network); 5 Jan 2007 01:41:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 5 Jan 2007 01:41:01 -0000 Received: (qmail 16421 invoked by uid 500); 5 Jan 2007 01:40:54 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 16395 invoked by uid 500); 5 Jan 2007 01:40:54 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 16381 invoked by uid 99); 5 Jan 2007 01:40:54 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jan 2007 17:40:54 -0800 X-ASF-Spam-Status: No, hits=1.4 required=10.0 tests=DATE_IN_PAST_12_24,NO_REAL_NAME X-Spam-Check-By: apache.org Received-SPF: neutral (herse.apache.org: local policy) Received: from [66.94.9.112] (HELO svcstsnq08.hotspot.t-mobile.com) (66.94.9.112) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 04 Jan 2007 17:40:45 -0800 Received: from shahpoor (51.52.222.10.in-addr.arpa [10.222.52.51]) by svcstsnq08.hotspot.t-mobile.com (8.13.7+Sun/8.12.10) with SMTP id l051eKYt011104 for ; Thu, 4 Jan 2007 17:40:21 -0800 (PST) Message-ID: <000101c7306a$6890dfa0$3334de0a@shahpoor> From: To: "Tomcat Users List" References: <00d501c72fc8$1cb11340$3c34de0a@shahpoor> Subject: Re: URL rewriting For Session Tracking Date: Thu, 4 Jan 2007 04:01:43 -0800 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-Antivirus: avast! (VPS 0701-0, 01/03/2007), Outbound message X-Antivirus-Status: Clean X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlx=0 adultscore=0 adjust=0 reason=mlx engine=3.1.0-0612050001 definitions=main-0701040052 X-Virus-Checked: Checked by ClamAV on apache.org Hi Bill, In my case, I can't use taglibs since I am generating the code dynamically. But even if I could use taglibs, then part of what the taglib does is really using response.encodeURL("second.jsp") to do the URL rewriting without you having to worry about it. So, I think the ultimate answer is that yes, I need to do URL rewriting for each individual link in my server manually if I want user connections to have a session associated with them; any link that I don't do this for, and the user clicks on will cause the session to be lost. And as a result, there is no magic switch that Tomcat or any filter has that I can turn on to have this automatically done. This is really what I want to know, that there is no magic switch that I am missing on. The problem is that I have thousands of links in my pages, and now I have to go in and change each one of them so that they do URL rewriting in case the user's doesn't allow cookies. Am I correct in assuming that there is no magic switch in Tomcat or anywhere to have url rewriting done for me? By the way, I know that I can write a servlet filter that would parse the response being sent to the user and do URL rewriting for any link in the response, but I think that is considered a bad practice since then every link will have the jsessionid with it. Suppose I am linking to www.yahoo.com which is outside my application, then the jsessionid will be associated with that link as well which someone had mentioned it is not a safe practice. Thanks, Kasra ----- Original Message ----- From: "Bill Barker" To: Sent: Wednesday, January 03, 2007 11:51 PM Subject: Re: URL rewriting For Session Tracking > Usually you would use a tag lib for this sort of thing. With struts, it > would look something like: > second page > > wrote in message > news:00d501c72fc8$1cb11340$3c34de0a@shahpoor... >> Your reply answered another question that I had. But I think I still >> haven't described my current question clearly. suppose I have 3 JSP >> pages in my application. >> -- >> first.jsp >> second.jsp >> third.jsp >> -- >> Now, in my first.jsp, I have nothing but 2 links to the other two JSP >> pages. If I want the session to be maintain when use clicks on the links >> to go to the other pages, then can first.jsp be the following: >> -- >> second page >> third page >> -- >> Or, the code in first.jsp must be the following: >> -- >> second page >> >second page >> ---- >> >> Note: If I use the first syntax, then unless Tomcat or some patch or >> filter parse the code and add the jsessionid to the link automatically, >> then the user will be losing the session when to goes from first.jsp to >> the other ones. And that's my question; can I use the first syntax. Or >> there is no way but to use the second syntax if I want the session to be >> kept. >> >> >> Thanks, >> Kasra >> ----- Original Message ----- >> From: "Caldarale, Charles R" >> To: "Tomcat Users List" >> Sent: Wednesday, January 03, 2007 9:56 PM >> Subject: RE: URL rewriting For Session Tracking >> >> >>> From: jobs@ultratechpartners.com [mailto:jobs@ultratechpartners.com] >>> Subject: Re: URL rewriting For Session Tracking >>> >>> Basically I have a webapp and I want to have a session >>> for each user that connects to my server (just the usual >>> servlet session that is created with jsessionid). Do I >>> have to wrap every link that I have in my webapp with an >>> Httpservletresponse.encodeURL()? >> >> No. As I recall, Tomcat will not create a session automatically unless >> it's absolutely necessary (e.g., tracking authenticated users) or the >> application requests it. I'm not aware of any config parameter that >> will force creation of sessions for all clients, but all you should have >> to do is put the following somewhere in the request processing path of >> each servlet: >> request.getSession(true); >> >> This doesn't need to go into your servlet or JSP code - you can write a >> simple filter class that does nothing but run the above code to force >> the creation of a session if one doesn't already exist. The filter >> mapping can go into conf/web.xml so it will apply to all apps deployed >> within your Tomcat instance, or in each appropriate webapp's web.xml >> file. >> >> Note that per the servlet spec, Tomcat will use cookies not URL >> rewriting for session tracking; it will fall back to URL rewriting if >> the client refuses cookies. You can also disable use of cookies by >> setting cookies="false" in your elements (or the global >> conf/context.xml file). >> >> - Chuck >> >> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >> MATERIAL and is thus for use only by the intended recipient. If you >> received this in error, please contact the sender and delete the e-mail >> and its attachments from all computers. >> >> --------------------------------------------------------------------- >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >> For additional commands, e-mail: users-help@tomcat.apache.org >> >> >> >> --------------------------------------------------------------------- >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org >> For additional commands, e-mail: users-help@tomcat.apache.org >> >> > > > > > --------------------------------------------------------------------- > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org > For additional commands, e-mail: users-help@tomcat.apache.org > > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org