• Post Reply Bookmark Topic Watch Topic
  • New Topic

Force session through URL rewriting

 
Renato Losio
Ranch Hand
Posts: 99
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello

looking for a way to force session management by URL rewriting.

I would like to disable cookies on the SERVER side, whether or not the browser accepts cookies (force the URL rewrite, regarless of the jsessionid)

Is that possibile? COnfiguration property (JBoss, Tomcat) or coding?

I though about a filter on the request but at that point the session is already there...

Cheers,

Renato
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is that possibile? COnfiguration property (JBoss, Tomcat) or coding?

Coding. For example, using JSTL <c:url> tag or calling encodeURL() in servlets.
 
Renato Losio
Ranch Hand
Posts: 99
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Satou,

thanks for your prompt reply. I am still a bit puzzled, can you elaborate it a bit more? If I call the encodeURL() in servlet, what happen when the browser support the cookie?

Cheers,

Renato
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I think that the container will rewrite the url only if the client does not support cookies.
 
Renato Losio
Ranch Hand
Posts: 99
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok. As my original post, I would like to user URL rewriting regardless of the browser choice. Have you or anyone else idea how to achieve that?
 
Arvind Sampath
Ranch Hand
Posts: 144
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I dont know the solution. May I know why exactly are you trying to avoid cookies?
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Arvind's question is a good one.
Why not just provide the sessionID in the url and let the container decide which mechanism to use?
 
Renato Losio
Ranch Hand
Posts: 99
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Many thanks for your inputs.

I (almost) agree. That would be actually nice, if I had control of the requirements / specs. At the moment I have to check the feasibility of the other option, regardless of the known side efects (performance, static pages,...)..

If I cannot do that, it's fine. But I need to be sure I can't achieved that (for example, looks like there are some setting in Bea and Tomcat to disable cookies but I wonder if the same result can be achieved programmatically, I don't like to be you vendor dependent)

Renato
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!