• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Enthruware url rewriting question

 
Łukasz Suchecki
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Regarding URL rewriting for session support, which of the following is true?

1.Every URL that the client uses must include jsessionid.
2.Only the first request that the client makes must include jsessionid.


And what's the right answer ? Enthruware is claiming 1.

But I think 2:
When using url rewriting in your source code everything depends on how smart is the container. If it is "stupid", always when you use url rewriting it's always adding jsessionid to URL. But if it's "smart" jsessionid is added only to first request. If the container noticed that client uses cookies next requests will not have jsessionid in url because keeping session will be "cookie based".

Who is right ?
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If the container noticed that client uses cookies next requests will not have jsessionid in url because keeping session will be "cookie based".

URL rewriting is used when the client does not accept cookies.
 
Łukasz Suchecki
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
yes - but you cant be sure if client uses cookiek or not
so you should everywhere in your code use url rewriting (if you want to be flexible and work with users with and without cookies) and smart container should detect if client has cookies enabled, and add (or not) jsessionid to all urls.

so my question stays open.
I can agree -
if user is not accepting cookies - all urls are appended by jsessionid
but if user is accepting cookies - only first (and maybe second) request must be appended (and after that container knows that user is accepting cookies, and all session keeping is based on cookies)
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I understand what you mean. Checking if adding the jsessionid is necessary or not is part of "URL rewriting" is debatable.

Does URL rewriting simlpy means "adding the jsessionid" to the url ? Or does it include checking whether or not it is necessary ? I think it's HttpServletResponse#encodeURL's job to check it. But is it part of URL rewriting ?

SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a client will not accept a cookie, URL rewriting may be used by the server as the basis for session tracking. URL rewriting involves adding data, a session ID, to the URL path that is interpreted by the container to associate the request with a session. The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid.

I feel that the part in bold implies that the checking process is not part of url rewriting. What do you think ?
 
Łukasz Suchecki
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
tnx - now I thing you have right

I was assuming that HttpServletResponse#encodeURL = url rewriting, but SRV.7.1.3 URL Rewriting clearly says that it's not.

Topic to close
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic