Win a copy of Practical SVG this week in the HTML/CSS/JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

URL-Rewritting Technique

 
Maadhava Rao
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I understand the topic about session tracking using cookies and session management,but i have litte bit confusion in the case ofusing url-rewritting technique for maintain he session tracking.So,please clarify any one,how we exchange the information in this technique,how the server knows the request is from the same client on this technique.
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to JavaRanch.

URL rewriting means to encode the session ID in all URLs that are generated in the pages created by a web app. It's the same ID that otherwise would be stored and transferred in a cookie. It has the drawback that all URLs need to be generated via the HttpServletResponse.encodeURL method.
 
Ulf Dittmer
Rancher
Posts: 42970
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From a private message:
Thanks for your answer.But,i am not understanding how i know the
session id to encode in the url.So,please give me a small programme about
this topic.I did not understand how the client manages session traking
using this technique,so please give me a small code to me.

You don't encode the session ID in an URL - that's what the call to encodeURL does. The client (browser in this case) has nothing to do with session handling - it's all done by the servlet container.

Why don't you test it by writing a servlet that generates a page containing a link to itself (and creates a session if none exists), turn off cookies in your browser, go to that page, click the link, and see what happens.

In the future, please use the forum for follow-ups, so that everyone can see it. That's what they're there for.
[ March 03, 2007: Message edited by: Ulf Dittmer ]
 
vu lee
Ranch Hand
Posts: 208
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
how the server knows the request is from the same client on this technique.

Considering the following two cases for the very first request from the web browser to the web container,
a. If the browser supports cookie, the cookie info will be included in the HttpServletRequest. The web container would know who the requestor was. For subsequence request, the container may continue using cookie (or it may use sessionid) to detect the requestor.
b. If cookie is not supported, the web container will have no idea who the requestor was. For subsequence request, the container would depend on jsessionid (which generated by HttpServletResponse.encodeURL)to identify the requestor.

In both cases after the first request, the web container can use sessionid to identify the requestor.
[ March 04, 2007: Message edited by: vu lee ]
 
Subhadip Chatterjee
Ranch Hand
Posts: 93
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
yeah...lee is absolutely right. The encodeURL(), will change your normal http URL to <url>?jsessionid=2089718#...For an example, "www.amazon.com" woulds be changed to "www.amazon.com?jsessionid='2089718#'". The servlet container, needs session id either though the HttpSession/Cookie/URL rewriting, to understand the client's session/session's validity. In this case, jsessionid will give you the session tracking key.
 
Georgy Bolyuba
Ranch Hand
Posts: 162
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Subhadip Chatterjee:
Hi,
<url>?jsessionid=2089718#...For an example, "www.amazon.com" woulds be changed to "www.amazon.com?jsessionid='2089718#'".


I think it would be <url>;jsessionid=...
 
D Rog
Ranch Hand
Posts: 472
Linux Objective C Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Unless some balancers level 3 and up involved, format of url can be container specific. Importnat thing is do not try to tamper URL given by a container.
 
You can't expect to wield supreme executive power just because
the new thread boost feature: great for the advertiser and smooth for the coderanch user
https://coderanch.com/t/674455/Thread-Boost-feature
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!