Turning off jsessionid on URL?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Turning off jsessionid on URL?

William Stranathan
Is there a configuration parameter to ONLY send the jsessionid by
cookie, not on the URL bar?

Picture this, user goes to your site http://www.yoursite.com/yourapp
yoursite redirects to the menu page, which gives a jsessionid.  That
page is under an auth-constraint and requires login, so you get
displayed the login page, but the URL you've been redirected to
includes the jsessionid - like:
http://www.yoursite.com/yourapp/Menu.do;jessionid=D2DC09EB64CBC7690BCEA68CA484B4C3
User wants to share the site with their friends, so they copy/paste
from the URL bar.  Then they log in - their session is now logged in,
AND they have the same session ID.

And yes, this does work - I'm able to copy/paste between different
browsers (exploder and firefox) and the session works fine.

Is there a way to turn that feature off?

w

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

control ports on windows

Tony Smith-5
Hi, I am running Tomcat 5.0 on Windows. But what I
want to do it not link to Tomcat. I would like to know
how to  control all those ports. For example, I would
like to open 8080 but close 8089, etc...


Thanks,



               
____________________________________________________
Sell on Yahoo! Auctions ? no fees. Bid on great items.  
http://auctions.yahoo.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Turning off jsessionid on URL?

Tim Funk
In reply to this post by William Stranathan
Please stop posting the same question 4 times and please wait for a response.

The answer to the question below is no. There is no switch. To not use URL
rewriting, do not utilize the method HttpServletResponse.encodeURL(). Of
course - this requires a code rewrite.

The easier solution is to implement a servlet filter which creates a
HttpServletResponseWrapper which overrides encodeURL and encodeRedirectURL

-Tim

William Stranathan wrote:

> Is there a configuration parameter to ONLY send the jsessionid by
> cookie, not on the URL bar?
>
> Picture this, user goes to your site http://www.yoursite.com/yourapp
> yoursite redirects to the menu page, which gives a jsessionid.  That
> page is under an auth-constraint and requires login, so you get
> displayed the login page, but the URL you've been redirected to
> includes the jsessionid - like:
> http://www.yoursite.com/yourapp/Menu.do;jessionid=D2DC09EB64CBC7690BCEA68CA484B4C3
> User wants to share the site with their friends, so they copy/paste
> from the URL bar.  Then they log in - their session is now logged in,
> AND they have the same session ID.
>
> And yes, this does work - I'm able to copy/paste between different
> browsers (exploder and firefox) and the session works fine.
>
> Is there a way to turn that feature off?
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Turning off jsessionid on URL?

William Stranathan
I only sent the message once.  I apologize for any inconvenience, but
I wonder if gmail and/or ezmlm are having issues today - I've received
the welcome message from ezmlm four times now.

w

On 7/7/05, Tim Funk <[hidden email]> wrote:

> Please stop posting the same question 4 times and please wait for a response.
>
> The answer to the question below is no. There is no switch. To not use URL
> rewriting, do not utilize the method HttpServletResponse.encodeURL(). Of
> course - this requires a code rewrite.
>
> The easier solution is to implement a servlet filter which creates a
> HttpServletResponseWrapper which overrides encodeURL and encodeRedirectURL
>
> -Tim
>
> William Stranathan wrote:
>
> > Is there a configuration parameter to ONLY send the jsessionid by
> > cookie, not on the URL bar?
> >
> > Picture this, user goes to your site http://www.yoursite.com/yourapp
> > yoursite redirects to the menu page, which gives a jsessionid.  That
> > page is under an auth-constraint and requires login, so you get
> > displayed the login page, but the URL you've been redirected to
> > includes the jsessionid - like:
> > http://www.yoursite.com/yourapp/Menu.do;jessionid=D2DC09EB64CBC7690BCEA68CA484B4C3
> > User wants to share the site with their friends, so they copy/paste
> > from the URL bar.  Then they log in - their session is now logged in,
> > AND they have the same session ID.
> >
> > And yes, this does work - I'm able to copy/paste between different
> > browsers (exploder and firefox) and the session works fine.
> >
> > Is there a way to turn that feature off?
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Turning off jsessionid on URL?

Michael Jouravlev
In reply to this post by William Stranathan
See my question about two weeks ago on how to detect jsessionid in the
URL. Looks like it is not directly possible, but you can use our own
request parameter to find this out. After you detect that jsessionid
is in the URL (the harder part), make another redirect to the same
location, and URL will come clean.

Michael.

On 7/7/05, William Stranathan <[hidden email]> wrote:

> Is there a configuration parameter to ONLY send the jsessionid by
> cookie, not on the URL bar?
>
> Picture this, user goes to your site http://www.yoursite.com/yourapp
> yoursite redirects to the menu page, which gives a jsessionid.  That
> page is under an auth-constraint and requires login, so you get
> displayed the login page, but the URL you've been redirected to
> includes the jsessionid - like:
> http://www.yoursite.com/yourapp/Menu.do;jessionid=D2DC09EB64CBC7690BCEA68CA484B4C3
> User wants to share the site with their friends, so they copy/paste
> from the URL bar.  Then they log in - their session is now logged in,
> AND they have the same session ID.
>
> And yes, this does work - I'm able to copy/paste between different
> browsers (exploder and firefox) and the session works fine.
>
> Is there a way to turn that feature off?

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: control ports on windows

Alan Chandler
In reply to this post by Tony Smith-5
On Thursday 07 July 2005 17:25, Tony Smith wrote:
> Hi, I am running Tomcat 5.0 on Windows. But what I
> want to do it not link to Tomcat. I would like to know
> how to  control all those ports. For example, I would
> like to open 8080 but close 8089, etc...
>
>
> Thanks,

1) Don't hijack someone elses thread for your self (you even seemed to have
asked the writer of the original thread directly rather than the list)

2) Be a bit clearer in what you are asking.  What does "what I want to do it
[is?] not link to Tomcat" mean?  In particular what is the rather ambiguous
word "link" meant to mean? Are you talking about connecting another web
server, and if so which one?

3) Tell us what you have done to try and figure it out for yourself - Hint:
have you looked at server.xml?

--
Alan Chandler
http://www.chandlerfamily.org.uk

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]