• Post Reply Bookmark Topic Watch Topic
  • New Topic

Why does jsessionid appear in path?

 
Stephen Lee
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am now using Struts for the controller.
In my jsp file, there is
<html:form action="/login.do">
in the code.
However, when I load this page is browser, and I view the source, I found that the above code becomes
<form name="loginForm" method="POST" action="/cimweb/login.do;jsessionid=664592D1E0F0141501E1B02245C54298">
However, when I reload this page, the source becomes
<form name="loginForm" method="POST" action="/cimweb/login.do">
Why does the jsessionid appear in the first case while it disappears after reloading? Thanks!
Stephen
 
Bosun Bello
Ranch Hand
Posts: 1511
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The servlet is probably using URL Rewriting to maintain sessions because cookies may have been disabled or so. That's the reason why the sessionID is appended to the URL.
 
Adam Hardy
Ranch Hand
Posts: 567
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
... and the discrepancy between the first and the second might be because it hasn't been able to check yet whether cookies are enabled or not. (although i'm not sure on this).
Does this only happen when you first download a page from the site? Or does it happen with every form page you visit on your site?
 
Stephen Lee
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This only happens when I first download a page from the site! Is there any method to solve this? Thanks!
Stephen
 
Mike Curwen
Ranch Hand
Posts: 3695
IntelliJ IDE Java Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That behaviour is *by design*. The very first time that you request a page from the site, the web server has no idea if you have cookies enabled or not.

So what it does for the first request, is to send the cookie with the session id, hoping you have them turned on, and as a back-up, it also writes the session id into any forms. If you don't have forms, it writes it into the URL.

The next time you ask for a page, your cookies get sent with your request. So if you had them turned on, the web server can see that, and it dispenses with the URL rewriting. But if you didn't have them on, you can still maintain session state through the jsessionid that is written into all your URLs.

You web server *may* enable you to turn off URL rewriting, but this would absolutely require your clients to enable cookies for sessions. Check your web server documentation for how to do this.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!