
jsessionId in the URL throwing error page

 
Rithanya Laxmi
Ranch Hand
Hi,

I have a few JSPs for which jsessionIds are getting appended to the URL. There are different ways to remove the jsessionId from the URL; what is the best possible solution? I am using WebLogic. If cookies are not enabled or are cleared by the user, we need the jsessionId for tracking, but if we remove the jsessionId as well, will it be a problem, as there won't be any way to track the user (both cookie and session won't be there)? Also, is the jsessionId needed for secure HTTPS URLs, and will it still be created by the container? Please clarify.

Thanks
 
Rithanya Laxmi
Ranch Hand
Experts, any update on this?
 
German Gonzalez-Morris
Ranch Hand
Hello,

I don't understand the whole picture.

You want to remove jsessionid, but still track a web session?

Regards,

Germán

 
German Gonzalez-Morris
Ranch Hand
Anyway, you can use cookies instead, and this must be configured in weblogic.xml

https://docs.oracle.com/middleware/1212/wls/WBAPP/weblogic_xml.htm#r14c1-t9
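
A `weblogic.xml` session descriptor of the kind the post above points to, given here as an added example rather than configuration posted by anyone in this thread. It assumes the application is served over HTTPS only; the two hardening elements are optional additions that go beyond what the thread asks for.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/weblogic.xml (added example, not from the original thread) -->
<weblogic-web-app xmlns="http://xmlns.oracle.com/weblogic/weblogic-web-app">
  <session-descriptor>
    <!-- Track the session with the JSESSIONID cookie. -->
    <cookies-enabled>true</cookies-enabled>

    <!-- Optional hardening: send the session cookie over HTTPS only.
         Assumes no page of the application is served over plain HTTP;
         otherwise those requests arrive without the cookie. -->
    <cookie-secure>true</cookie-secure>

    <!-- Optional hardening: keep the cookie out of reach of page scripts. -->
    <cookie-http-only>true</cookie-http-only>

    <!-- Stop the container from appending ;jsessionid=... to URLs it
         encodes. WebLogic enables URL rewriting unless this is set to
         false, which is why the ID shows up when no cookie is sent. -->
    <url-rewriting-enabled>false</url-rewriting-enabled>
  </session-descriptor>
</weblogic-web-app>
```

With URL rewriting off, a browser that rejects or clears the cookie has no other way to carry the session ID, so each such request starts without an existing session.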

 
Rithanya Laxmi
Ranch Hand
Thanks. If I enable cookies in weblogic.xml and the user clears the cookie in his browser, what will happen? Will the cookie still be enabled, as we are removing all the jsessionIds? Please clarify.
 
Rob Spoor
Sheriff
If a user removes all his cookies, including the session cookie, then WebLogic will not recognise an existing session for the next request. It's up to your application to determine what to do. Probably the user needs to log in again.
 
Rithanya Laxmi
Ranch Hand
Thanks. Is there any option other than the application prompting the user to log in again to track the user session? I understand that if both cookie and session cookie are removed the only way is to ask the user to log in? Is there any other alternative?
 
Rob Spoor
Sheriff
If the user removed his session id cookie, there is no chance your application can identify this user accurately. You can't use the IP address because the user may share his Internet connection with others (e.g. in companies, or even home networks).
 