• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

URL-Rewritting Technique

 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I understand the topic about session tracking using cookies and session management,but i have litte bit confusion in the case ofusing url-rewritting technique for maintain he session tracking.So,please clarify any one,how we exchange the information in this technique,how the server knows the request is from the same client on this technique.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to JavaRanch.

URL rewriting means to encode the session ID in all URLs that are generated in the pages created by a web app. It's the same ID that otherwise would be stored and transferred in a cookie. It has the drawback that all URLs need to be generated via the HttpServletResponse.encodeURL method.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
From a private message:

Thanks for your answer.But,i am not understanding how i know the
session id to encode in the url.So,please give me a small programme about
this topic.I did not understand how the client manages session traking
using this technique,so please give me a small code to me.


You don't encode the session ID in an URL - that's what the call to encodeURL does. The client (browser in this case) has nothing to do with session handling - it's all done by the servlet container.

Why don't you test it by writing a servlet that generates a page containing a link to itself (and creates a session if none exists), turn off cookies in your browser, go to that page, click the link, and see what happens.

In the future, please use the forum for follow-ups, so that everyone can see it. That's what they're there for.
[ March 03, 2007: Message edited by: Ulf Dittmer ]
 
Ranch Hand
Posts: 208
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

how the server knows the request is from the same client on this technique.


Considering the following two cases for the very first request from the web browser to the web container,
a. If the browser supports cookie, the cookie info will be included in the HttpServletRequest. The web container would know who the requestor was. For subsequence request, the container may continue using cookie (or it may use sessionid) to detect the requestor.
b. If cookie is not supported, the web container will have no idea who the requestor was. For subsequence request, the container would depend on jsessionid (which generated by HttpServletResponse.encodeURL)to identify the requestor.

In both cases after the first request, the web container can use sessionid to identify the requestor.
[ March 04, 2007: Message edited by: vu lee ]
 
Ranch Hand
Posts: 93
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,
yeah...lee is absolutely right. The encodeURL(), will change your normal http URL to <url>?jsessionid=2089718#...For an example, "www.amazon.com" woulds be changed to "www.amazon.com?jsessionid='2089718#'". The servlet container, needs session id either though the HttpSession/Cookie/URL rewriting, to understand the client's session/session's validity. In this case, jsessionid will give you the session tracking key.
 
Ranch Hand
Posts: 162
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Subhadip Chatterjee:
Hi,
<url>?jsessionid=2089718#...For an example, "www.amazon.com" woulds be changed to "www.amazon.com?jsessionid='2089718#'".



I think it would be <url>;jsessionid=...
 
Ranch Hand
Posts: 472
Objective C Ubuntu Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Unless some balancers level 3 and up involved, format of url can be container specific. Importnat thing is do not try to tamper URL given by a container.
 
reply
    Bookmark Topic Watch Topic
  • New Topic