Re: how to disable (or work around) jsessionid in html:img sources
Btw, Kris - I just had to make use of this code that you provided, and it works perfectly. Sweet! Kris Schneider wrote: If you can accomplish what you want via Apache rewrite rules, that seems like a simpler solution. If that doesn't work out, here's a JSP/JSTL equivalent of how html:img comes up with the module path: %@ page import=org.apache.struts.Globals % %@ taglib prefix=curi=http://java.sun.com/jstl/core; % %@ taglib prefix=c_rt uri=http://java.sun.com/jstl/core_rt; % c_rt:set var=moduleKey value=%= Globals.MODULE_KEY %/ c:set var=moduleConfig value=${requestScope[moduleKey]}/ c:set var=prefix value=/ c:if test=${not empty moduleConfig} c:set var=prefix value=${moduleConfig.prefix}/ /c:if c:set var=modulePath value=${pageContext.request.contextPath}${prefix}/ img src=c:out value=${modulePath}/path/to/image/ Quoting dutrieux [EMAIL PROTECTED]: Maybe you can try, But I think the impacts is all pages send to apache then all virtualhosts defiend by the mod_jk. Ruth, Brice a écrit : Is this something I can do at a global level, so that it impacts all virtualhosts defined by the mod_jk auto configuration file generated by Tomcat's connector? dutrieux wrote: Hello For Apache v3.x you need to put in httpd.conf file this entry : RewriteRule ^(.*);jsessionid=.*$ $1 [L] Best regards Olivier Dutrieux * * Ruth, Brice a écrit : Ruth, Brice wrote: Hi. I'm using html:img in certain tiles that are used from very different places in my application with the page attribute to take advantage of module-relative naming for the image sources. However, when cookies aren't enabled, or on the first visit to the web application (with no session cookie having been previously detected), the ';jsessionid=X' gets added to the end of the image. Now, I'm not driving any dynamic images, nor do I intend to, so this sessionid is worthless to me. Furthermore - since I'm using Apache+Tomcat+mod_jk to serve this application, Apache seems to choke on serving up this image. I expect its because the sessionid is delimited by ';' instead of '?' as I'm used to, but maybe not. Either way - does anyone know of a way to get around this? If possible, I'd prefer not having to do anything special in the Apache conf, mainly because I'm using the auto-generated mod_jk conf file for this configuration. Thanks! Any takers on this? This is kinda hosin' up my Apache/Tomcat setup ... Tomcat standalone serves up the images fine with the jsessionid junk, but Apache doesn't! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *Olivier Dutrieux* www.pasteur.fr Institut Pasteur Informatique de gestion Micro-Informatique 25-28 rue du Docteur Roux 75724 PARIS CEDEX 15 Tel: +33 (0) 1 40 61 31 62 Fax: +33 (0) 1 45 68 89 89 -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
James Mitchell wrote: A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. Thanks, James. Ignoring for the moment how these workarounds smack of hack, this doesn't solve the problem of people visiting the site w/o cookies enabled. What I don't understand is why the delimiter ';' is being used, instead of the traditional '?' - which Apache wouldn't have a problem stripping off and serving up the proper file with ... Just to clarify - by calling these workarounds hacks - I mean no disrespect - I am just looking for a cleaner method of handling this. That's all. Brice -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
If it's any consolation, I just tried the original JSP-only code I posted with TC 4.1.24 and it worked fine... Quoting Ruth, Brice [EMAIL PROTECTED]: James Mitchell wrote: A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. Thanks, James. Ignoring for the moment how these workarounds smack of hack, this doesn't solve the problem of people visiting the site w/o cookies enabled. What I don't understand is why the delimiter ';' is being used, instead of the traditional '?' - which Apache wouldn't have a problem stripping off and serving up the proper file with ... Just to clarify - by calling these workarounds hacks - I mean no disrespect - I am just looking for a cleaner method of handling this. That's all. Brice -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. -- Kris Schneider mailto:[EMAIL PROTECTED] D.O.Tech http://www.dotech.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: how to disable (or work around) jsessionid in html:img sources
-Original Message- From: Ruth, Brice [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 9:32 AM To: Struts Users Mailing List Subject: Re: how to disable (or work around) jsessionid in html:img sources James Mitchell wrote: A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. Thanks, James. Ignoring for the moment how these workarounds smack of hack, this doesn't solve the problem of people visiting the site w/o cookies enabled. What I don't understand is why the delimiter ';' is being used, instead of the traditional '?' - which Apache wouldn't have a problem stripping off and serving up the proper file with ... That seems to be a rule in the Servlet specification on URL rewriting for passing session info. http://www.jcp.org/aboutJava/communityprocess/first/jsr053/servlet23_PFD .pdf Saul Just to clarify - by calling these workarounds hacks - I mean no disrespect - I am just looking for a cleaner method of handling this. That's all. Brice -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
Bizarre ... dunno what's up with my config, then. Not a biggie, I guess - my workaround still works, I guess. I just wanted to use this because I was using a scriptlet to generate some *very* dynamic code and got into a situation where I couldn't use html:rewrite because it'd be nested within an html:link tag (in an onmouseover attribute) - so I wanted to use that code to get the prefix to just insert with another scriptlet. But, I think I've worked around that now, too. It is truly amazing how a JSP can be compiled from custom JSP tags (tiles, struts, etc.), java code scriptlets, and EL expressions within tags, to something that actually works. I am truly amazed at times! :) Kris Schneider wrote: If it's any consolation, I just tried the original JSP-only code I posted with TC 4.1.24 and it worked fine... Quoting Ruth, Brice [EMAIL PROTECTED]: James Mitchell wrote: A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. Thanks, James. Ignoring for the moment how these workarounds smack of hack, this doesn't solve the problem of people visiting the site w/o cookies enabled. What I don't understand is why the delimiter ';' is being used, instead of the traditional '?' - which Apache wouldn't have a problem stripping off and serving up the proper file with ... Just to clarify - by calling these workarounds hacks - I mean no disrespect - I am just looking for a cleaner method of handling this. That's all. Brice -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
Saul Q Yuan wrote: -Original Message- From: Ruth, Brice [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 9:32 AM To: Struts Users Mailing List Subject: Re: how to disable (or work around) jsessionid in html:img sources James Mitchell wrote: A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. Thanks, James. Ignoring for the moment how these workarounds smack of hack, this doesn't solve the problem of people visiting the site w/o cookies enabled. What I don't understand is why the delimiter ';' is being used, instead of the traditional '?' - which Apache wouldn't have a problem stripping off and serving up the proper file with ... That seems to be a rule in the Servlet specification on URL rewriting for passing session info. http://www.jcp.org/aboutJava/communityprocess/first/jsr053/servlet23_PFD .pdf Saul Seems strange that a rule would be set that breaks IETF standards, doesn't it? Or am I seeing this totally wrong? -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: how to disable (or work around) jsessionid in html:img sources
-Original Message- From: Ruth, Brice [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 11:27 AM To: Struts Users Mailing List Subject: Re: how to disable (or work around) jsessionid in html:img sources Saul Q Yuan wrote: -Original Message- From: Ruth, Brice [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 9:32 AM To: Struts Users Mailing List Subject: Re: how to disable (or work around) jsessionid in html:img sources James Mitchell wrote: A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. Thanks, James. Ignoring for the moment how these workarounds smack of hack, this doesn't solve the problem of people visiting the site w/o cookies enabled. What I don't understand is why the delimiter ';' is being used, instead of the traditional '?' - which Apache wouldn't have a problem stripping off and serving up the proper file with ... That seems to be a rule in the Servlet specification on URL rewriting for passing session info. http://www.jcp.org/aboutJava/communityprocess/first/jsr053/servlet23_PF D .pdf Saul Seems strange that a rule would be set that breaks IETF standards, doesn't it? Or am I seeing this totally wrong? Not sure what's the rational why it's not using ? instead of :, I guess it has to do with security or something. Using ?jsessionid makes it looks like a general request parameter and can be easily accessed and modified by the applications. Just my thoughts. Saul -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
The HTTP/1.0 spec defines a URI as: ... rel_path = [ path ] [ ; params ] [ ? query ] ... The Servlet spec states: The session id must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. Quoting Ruth, Brice [EMAIL PROTECTED]: Saul Q Yuan wrote: -Original Message- From: Ruth, Brice [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 9:32 AM To: Struts Users Mailing List Subject: Re: how to disable (or work around) jsessionid in html:img sources James Mitchell wrote: A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. Thanks, James. Ignoring for the moment how these workarounds smack of hack, this doesn't solve the problem of people visiting the site w/o cookies enabled. What I don't understand is why the delimiter ';' is being used, instead of the traditional '?' - which Apache wouldn't have a problem stripping off and serving up the proper file with ... That seems to be a rule in the Servlet specification on URL rewriting for passing session info. http://www.jcp.org/aboutJava/communityprocess/first/jsr053/servlet23_PFD .pdf Saul Seems strange that a rule would be set that breaks IETF standards, doesn't it? Or am I seeing this totally wrong? -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. -- Kris Schneider mailto:[EMAIL PROTECTED] D.O.Tech http://www.dotech.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
OK, so that looks like it makes sense, but why is Apache barfing on the 'params', then? I can't imagine that Apache doesn't support the HTTP/1.0 spec entirely. Kris Schneider wrote: The HTTP/1.0 spec defines a URI as: ... rel_path = [ path ] [ ; params ] [ ? query ] ... The Servlet spec states: The session id must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. Quoting Ruth, Brice [EMAIL PROTECTED]: Saul Q Yuan wrote: -Original Message- From: Ruth, Brice [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 9:32 AM To: Struts Users Mailing List Subject: Re: how to disable (or work around) jsessionid in html:img sources James Mitchell wrote: A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. Thanks, James. Ignoring for the moment how these workarounds smack of hack, this doesn't solve the problem of people visiting the site w/o cookies enabled. What I don't understand is why the delimiter ';' is being used, instead of the traditional '?' - which Apache wouldn't have a problem stripping off and serving up the proper file with ... That seems to be a rule in the Servlet specification on URL rewriting for passing session info. http://www.jcp.org/aboutJava/communityprocess/first/jsr053/servlet23_PFD .pdf Saul Seems strange that a rule would be set that breaks IETF standards, doesn't it? Or am I seeing this totally wrong? -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: how to disable (or work around) jsessionid in html:img sources
You know, in light of the fact that it may be standard and to the spec, it's funny that most of the servlet containers that I use (Tomcat, Resin, Jetty) don't recognize their own rewritten urls. To me, that's just unacceptable. Someone with some influence (Craig? Remy?) might want to address this. -- James Mitchell Software Engineer / Struts Evangelist http://www.struts-atlanta.org 678.910.8017 AIM:jmitchtx -Original Message- From: Kris Schneider [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 12:01 PM To: Struts Users Mailing List Subject: Re: how to disable (or work around) jsessionid in html:img sources The HTTP/1.0 spec defines a URI as: ... rel_path = [ path ] [ ; params ] [ ? query ] ... The Servlet spec states: The session id must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. Quoting Ruth, Brice [EMAIL PROTECTED]: Saul Q Yuan wrote: -Original Message- From: Ruth, Brice [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 9:32 AM To: Struts Users Mailing List Subject: Re: how to disable (or work around) jsessionid in html:img sources James Mitchell wrote: A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. Thanks, James. Ignoring for the moment how these workarounds smack of hack, this doesn't solve the problem of people visiting the site w/o cookies enabled. What I don't understand is why the delimiter ';' is being used, instead of the traditional '?' - which Apache wouldn't have a problem stripping off and serving up the proper file with ... That seems to be a rule in the Servlet specification on URL rewriting for passing session info. http://www.jcp.org/aboutJava/communityprocess/first/jsr053/se rvlet23_PFD .pdf Saul Seems strange that a rule would be set that breaks IETF standards, doesn't it? Or am I seeing this totally wrong? -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. -- Kris Schneider mailto:[EMAIL PROTECTED] D.O.Tech http://www.dotech.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
Ruth, Brice wrote: Saul Q Yuan wrote: -Original Message- From: Ruth, Brice [mailto:[EMAIL PROTECTED] Sent: Thursday, October 23, 2003 9:32 AM To: Struts Users Mailing List Subject: Re: how to disable (or work around) jsessionid in html:img sources James Mitchell wrote: A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. Thanks, James. Ignoring for the moment how these workarounds smack of hack, this doesn't solve the problem of people visiting the site w/o cookies enabled. What I don't understand is why the delimiter ';' is being used, instead of the traditional '?' - which Apache wouldn't have a problem stripping off and serving up the proper file with ... That seems to be a rule in the Servlet specification on URL rewriting for passing session info. http://www.jcp.org/aboutJava/communityprocess/first/jsr053/servlet23_PFD .pdf Saul Seems strange that a rule would be set that breaks IETF standards, doesn't it? Or am I seeing this totally wrong? In IETF standards terms, the session identifier is a *path* parameter, not a *query* parameter. Such parameters can actually be added to any segment in the url (http://foo.com/bar;baz=bop/ping;game=pong;), not just the last one. Just because it is not common doesn't mean it's broken :-). Craig McClanahan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
James Mitchell wrote: You know, in light of the fact that it may be standard and to the spec, it's funny that most of the servlet containers that I use (Tomcat, Resin, Jetty) don't recognize their own rewritten urls. To me, that's just unacceptable. Don't blame Tomcat's JK or JK2 connectors on me! I don't have anything to do with them :-). I've only ever been interested in the standalone Tomcat code (and, for work, the way that Tomcat gets integrated into Sun's web server and app server products). In all of those cases, session identifiers work just fine. So do servlet mappings and all the other features. ISTR someone on TOMCAT-USER has posted a mod_rewrite rule that can deal with the jsessionid passthrough. Someone with some influence (Craig? Remy?) might want to address this. http://nagoya.apache.org/bugzilla Craig - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
Craig R. McClanahan wrote: Don't blame Tomcat's JK or JK2 connectors on me! I don't have anything to do with them :-). I've only ever been interested in the standalone Tomcat code (and, for work, the way that Tomcat gets integrated into Sun's web server and app server products). In all of those cases, session identifiers work just fine. So do servlet mappings and all the other features. ISTR someone on TOMCAT-USER has posted a mod_rewrite rule that can deal with the jsessionid passthrough. I have a mod_rewrite rule working now, but my problem is that the rule has to be specified in the VirtualHost definition for a site, and that VirtualHost definition is auto-generated by ApacheConfig on the Tomcat side, and there's no way to tell ApacheConfig to do this right ... so, right now, I have hand-edited the mod_jk.conf file generated by ApacheConfig, but I have to re-edit everytime Tomcat restarts (and rewrites that file). Not an ideal situation, by any means :( On a production server, I can see putting the Apache configuration in httpd.conf or some other file, all manually, without using ApacheConfig at all, but for dev and staging, that saves me a ton of time ... Brice -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
Craig R. McClanahan wrote: Ruth, Brice wrote: Seems strange that a rule would be set that breaks IETF standards, doesn't it? Or am I seeing this totally wrong? In IETF standards terms, the session identifier is a *path* parameter, not a *query* parameter. Such parameters can actually be added to any segment in the url (http://foo.com/bar;baz=bop/ping;game=pong;), not just the last one. Just because it is not common doesn't mean it's broken :-). Craig McClanahan Very true, very true. I'm just having a hard time understanding what Apache is supposed to *do* with this 'param' argument ... I've been doing web stuff for quite a while and I've never really run into this (which again, doesn't mean anything's broken, just because *I* haven't encountered it :)). -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
Ruth, Brice wrote: Hi. I'm using html:img in certain tiles that are used from very different places in my application with the page attribute to take advantage of module-relative naming for the image sources. However, when cookies aren't enabled, or on the first visit to the web application (with no session cookie having been previously detected), the ';jsessionid=X' gets added to the end of the image. Now, I'm not driving any dynamic images, nor do I intend to, so this sessionid is worthless to me. Furthermore - since I'm using Apache+Tomcat+mod_jk to serve this application, Apache seems to choke on serving up this image. I expect its because the sessionid is delimited by ';' instead of '?' as I'm used to, but maybe not. Either way - does anyone know of a way to get around this? If possible, I'd prefer not having to do anything special in the Apache conf, mainly because I'm using the auto-generated mod_jk conf file for this configuration. Thanks! Any takers on this? This is kinda hosin' up my Apache/Tomcat setup ... Tomcat standalone serves up the images fine with the jsessionid junk, but Apache doesn't! -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
Hello For Apache v3.x you need to put in httpd.conf file this entry : RewriteRule ^(.*);jsessionid=.*$ $1 [L] Best regards Olivier Dutrieux * * Ruth, Brice a écrit : Ruth, Brice wrote: Hi. I'm using html:img in certain tiles that are used from very different places in my application with the page attribute to take advantage of module-relative naming for the image sources. However, when cookies aren't enabled, or on the first visit to the web application (with no session cookie having been previously detected), the ';jsessionid=X' gets added to the end of the image. Now, I'm not driving any dynamic images, nor do I intend to, so this sessionid is worthless to me. Furthermore - since I'm using Apache+Tomcat+mod_jk to serve this application, Apache seems to choke on serving up this image. I expect its because the sessionid is delimited by ';' instead of '?' as I'm used to, but maybe not. Either way - does anyone know of a way to get around this? If possible, I'd prefer not having to do anything special in the Apache conf, mainly because I'm using the auto-generated mod_jk conf file for this configuration. Thanks! Any takers on this? This is kinda hosin' up my Apache/Tomcat setup ... Tomcat standalone serves up the images fine with the jsessionid junk, but Apache doesn't! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
Is this something I can do at a global level, so that it impacts all virtualhosts defined by the mod_jk auto configuration file generated by Tomcat's connector? dutrieux wrote: Hello For Apache v3.x you need to put in httpd.conf file this entry : RewriteRule ^(.*);jsessionid=.*$ $1 [L] Best regards Olivier Dutrieux * * Ruth, Brice a écrit : Ruth, Brice wrote: Hi. I'm using html:img in certain tiles that are used from very different places in my application with the page attribute to take advantage of module-relative naming for the image sources. However, when cookies aren't enabled, or on the first visit to the web application (with no session cookie having been previously detected), the ';jsessionid=X' gets added to the end of the image. Now, I'm not driving any dynamic images, nor do I intend to, so this sessionid is worthless to me. Furthermore - since I'm using Apache+Tomcat+mod_jk to serve this application, Apache seems to choke on serving up this image. I expect its because the sessionid is delimited by ';' instead of '?' as I'm used to, but maybe not. Either way - does anyone know of a way to get around this? If possible, I'd prefer not having to do anything special in the Apache conf, mainly because I'm using the auto-generated mod_jk conf file for this configuration. Thanks! Any takers on this? This is kinda hosin' up my Apache/Tomcat setup ... Tomcat standalone serves up the images fine with the jsessionid junk, but Apache doesn't! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
Maybe you can try, But I think the impacts is all pages send to apache then all virtualhosts defiend by the mod_jk. Ruth, Brice a crit: Is this something I can do at a global level, so that it impacts all virtualhosts defined by the mod_jk auto configuration file generated by Tomcat's connector? dutrieux wrote: Hello For Apache v3.x you need to put in "httpd.conf" file this entry : RewriteRule ^(.*);jsessionid=.*$ $1 [L] Best regards Olivier Dutrieux * * Ruth, Brice a crit : Ruth, Brice wrote: Hi. I'm using html:img in certain tiles that are used from very different places in my application with the "page" attribute to take advantage of module-relative naming for the image sources. However, when cookies aren't enabled, or on the first visit to the web application (with no session cookie having been previously detected), the ';jsessionid=X' gets added to the end of the image. Now, I'm not driving any dynamic images, nor do I intend to, so this sessionid is worthless to me. Furthermore - since I'm using Apache+Tomcat+mod_jk to serve this application, Apache seems to choke on serving up this image. I expect its because the sessionid is delimited by ';' instead of '?' as I'm used to, but maybe not. Either way - does anyone know of a way to get around this? If possible, I'd prefer not having to do anything special in the Apache conf, mainly because I'm using the auto-generated mod_jk conf file for this configuration. Thanks! Any takers on this? This is kinda hosin' up my Apache/Tomcat setup ... Tomcat standalone serves up the images fine with the jsessionid junk, but Apache doesn't! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Institut Pasteur Olivier Dutrieux Institut Pasteur Informatique de gestion Micro-Informatique 25-28 rue du Docteur Roux 75724 PARIS CEDEX 15 Tel: +33 (0) 1 40 61 31 62 Fax: +33 (0) 1 45 68 89 89 inline: Institut Pasteur
Re: how to disable (or work around) jsessionid in html:img sources
If you can accomplish what you want via Apache rewrite rules, that seems like a simpler solution. If that doesn't work out, here's a JSP/JSTL equivalent of how html:img comes up with the module path: %@ page import=org.apache.struts.Globals % %@ taglib prefix=curi=http://java.sun.com/jstl/core; % %@ taglib prefix=c_rt uri=http://java.sun.com/jstl/core_rt; % c_rt:set var=moduleKey value=%= Globals.MODULE_KEY %/ c:set var=moduleConfig value=${requestScope[moduleKey]}/ c:set var=prefix value=/ c:if test=${not empty moduleConfig} c:set var=prefix value=${moduleConfig.prefix}/ /c:if c:set var=modulePath value=${pageContext.request.contextPath}${prefix}/ img src=c:out value=${modulePath}/path/to/image/ Quoting dutrieux [EMAIL PROTECTED]: Maybe you can try, But I think the impacts is all pages send to apache then all virtualhosts defiend by the mod_jk. Ruth, Brice a écrit : Is this something I can do at a global level, so that it impacts all virtualhosts defined by the mod_jk auto configuration file generated by Tomcat's connector? dutrieux wrote: Hello For Apache v3.x you need to put in httpd.conf file this entry : RewriteRule ^(.*);jsessionid=.*$ $1 [L] Best regards Olivier Dutrieux * * Ruth, Brice a écrit : Ruth, Brice wrote: Hi. I'm using html:img in certain tiles that are used from very different places in my application with the page attribute to take advantage of module-relative naming for the image sources. However, when cookies aren't enabled, or on the first visit to the web application (with no session cookie having been previously detected), the ';jsessionid=X' gets added to the end of the image. Now, I'm not driving any dynamic images, nor do I intend to, so this sessionid is worthless to me. Furthermore - since I'm using Apache+Tomcat+mod_jk to serve this application, Apache seems to choke on serving up this image. I expect its because the sessionid is delimited by ';' instead of '?' as I'm used to, but maybe not. Either way - does anyone know of a way to get around this? If possible, I'd prefer not having to do anything special in the Apache conf, mainly because I'm using the auto-generated mod_jk conf file for this configuration. Thanks! Any takers on this? This is kinda hosin' up my Apache/Tomcat setup ... Tomcat standalone serves up the images fine with the jsessionid junk, but Apache doesn't! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *Olivier Dutrieux* www.pasteur.fr Institut Pasteur Informatique de gestion Micro-Informatique 25-28 rue du Docteur Roux 75724 PARIS CEDEX 15 Tel: +33 (0) 1 40 61 31 62 Fax: +33 (0) 1 45 68 89 89 -- Kris Schneider mailto:[EMAIL PROTECTED] D.O.Tech http://www.dotech.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
I tried this and got a JSP compile error that MODULE_KEY in org.apache.struts.Globals couldn't be resolved ... org.apache.struts.Globals _jspx_th_c_rt_set_0.setValue( Globals.MODULE_KEY ); ^ 1 error ?! Kris Schneider wrote: If you can accomplish what you want via Apache rewrite rules, that seems like a simpler solution. If that doesn't work out, here's a JSP/JSTL equivalent of how html:img comes up with the module path: %@ page import=org.apache.struts.Globals % %@ taglib prefix=curi=http://java.sun.com/jstl/core; % %@ taglib prefix=c_rt uri=http://java.sun.com/jstl/core_rt; % c_rt:set var=moduleKey value=%= Globals.MODULE_KEY %/ c:set var=moduleConfig value=${requestScope[moduleKey]}/ c:set var=prefix value=/ c:if test=${not empty moduleConfig} c:set var=prefix value=${moduleConfig.prefix}/ /c:if c:set var=modulePath value=${pageContext.request.contextPath}${prefix}/ img src=c:out value=${modulePath}/path/to/image/ Quoting dutrieux [EMAIL PROTECTED]: Maybe you can try, But I think the impacts is all pages send to apache then all virtualhosts defiend by the mod_jk. Ruth, Brice a écrit : Is this something I can do at a global level, so that it impacts all virtualhosts defined by the mod_jk auto configuration file generated by Tomcat's connector? dutrieux wrote: Hello For Apache v3.x you need to put in httpd.conf file this entry : RewriteRule ^(.*);jsessionid=.*$ $1 [L] Best regards Olivier Dutrieux * * Ruth, Brice a écrit : Ruth, Brice wrote: Hi. I'm using html:img in certain tiles that are used from very different places in my application with the page attribute to take advantage of module-relative naming for the image sources. However, when cookies aren't enabled, or on the first visit to the web application (with no session cookie having been previously detected), the ';jsessionid=X' gets added to the end of the image. Now, I'm not driving any dynamic images, nor do I intend to, so this sessionid is worthless to me. Furthermore - since I'm using Apache+Tomcat+mod_jk to serve this application, Apache seems to choke on serving up this image. I expect its because the sessionid is delimited by ';' instead of '?' as I'm used to, but maybe not. Either way - does anyone know of a way to get around this? If possible, I'd prefer not having to do anything special in the Apache conf, mainly because I'm using the auto-generated mod_jk conf file for this configuration. Thanks! Any takers on this? This is kinda hosin' up my Apache/Tomcat setup ... Tomcat standalone serves up the images fine with the jsessionid junk, but Apache doesn't! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *Olivier Dutrieux* www.pasteur.fr Institut Pasteur Informatique de gestion Micro-Informatique 25-28 rue du Docteur Roux 75724 PARIS CEDEX 15 Tel: +33 (0) 1 40 61 31 62 Fax: +33 (0) 1 45 68 89 89 -- Brice D. Ruth Sr. IT Analyst Fiskars Brands, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to disable (or work around) jsessionid in html:img sources
I haven't actually run the code, but I don't see what the issue would be. If you run: javap -classpath /path/to/struts.jar org.apache.struts.Globals You should get something like: Compiled from Globals.java public class org.apache.struts.Globals extends java.lang.Object implements java.io.Serializable{ ... public static final java.lang.String MODULE_KEY; ... } Another approach would be to use the action that fronts the page to create the module path: ServletContext ctx = getServlet().getServletContext(); ModuleConfig moduleConfig = RequestUtils.getModuleConfig(request, ctx); String prefix = ; if (moduleConfig != null) { prefix = moduleConfig.getPrefix(); } String modulePath = request.getContextPath() + prefix; request.setAttribute(modulePath, modulePath); Ruth, Brice wrote: I tried this and got a JSP compile error that MODULE_KEY in org.apache.struts.Globals couldn't be resolved ... org.apache.struts.Globals _jspx_th_c_rt_set_0.setValue( Globals.MODULE_KEY ); ^ 1 error ?! Kris Schneider wrote: If you can accomplish what you want via Apache rewrite rules, that seems like a simpler solution. If that doesn't work out, here's a JSP/JSTL equivalent of how html:img comes up with the module path: %@ page import=org.apache.struts.Globals % %@ taglib prefix=curi=http://java.sun.com/jstl/core; % %@ taglib prefix=c_rt uri=http://java.sun.com/jstl/core_rt; % c_rt:set var=moduleKey value=%= Globals.MODULE_KEY %/ c:set var=moduleConfig value=${requestScope[moduleKey]}/ c:set var=prefix value=/ c:if test=${not empty moduleConfig} c:set var=prefix value=${moduleConfig.prefix}/ /c:if c:set var=modulePath value=${pageContext.request.contextPath}${prefix}/ img src=c:out value=${modulePath}/path/to/image/ Quoting dutrieux [EMAIL PROTECTED]: Maybe you can try, But I think the impacts is all pages send to apache then all virtualhosts defiend by the mod_jk. Ruth, Brice a écrit : Is this something I can do at a global level, so that it impacts all virtualhosts defined by the mod_jk auto configuration file generated by Tomcat's connector? dutrieux wrote: Hello For Apache v3.x you need to put in httpd.conf file this entry : RewriteRule ^(.*);jsessionid=.*$ $1 [L] Best regards Olivier Dutrieux * * Ruth, Brice a écrit : Ruth, Brice wrote: Hi. I'm using html:img in certain tiles that are used from very different places in my application with the page attribute to take advantage of module-relative naming for the image sources. However, when cookies aren't enabled, or on the first visit to the web application (with no session cookie having been previously detected), the ';jsessionid=X' gets added to the end of the image. Now, I'm not driving any dynamic images, nor do I intend to, so this sessionid is worthless to me. Furthermore - since I'm using Apache+Tomcat+mod_jk to serve this application, Apache seems to choke on serving up this image. I expect its because the sessionid is delimited by ';' instead of '?' as I'm used to, but maybe not. Either way - does anyone know of a way to get around this? If possible, I'd prefer not having to do anything special in the Apache conf, mainly because I'm using the auto-generated mod_jk conf file for this configuration. Thanks! Any takers on this? This is kinda hosin' up my Apache/Tomcat setup ... Tomcat standalone serves up the images fine with the jsessionid junk, but Apache doesn't! -- *Olivier Dutrieux* www.pasteur.fr Institut Pasteur Informatique de gestion Micro-Informatique 25-28 rue du Docteur Roux 75724 PARIS CEDEX 15 Tel: +33 (0) 1 40 61 31 62 Fax: +33 (0) 1 45 68 89 89 -- Kris Schneider mailto:[EMAIL PROTECTED] D.O.Tech http://www.dotech.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: how to disable (or work around) jsessionid in html:img sources
A bit of history on this subject: * From: Craig R. McClanahan * Subject: Re: Why would jsessionid not appear? * Date: Wed, 08 Aug 2001 12:09:26 -0700 The jsessionid path parameter will only be added if the servlet container does not know whether your client supports cookies. How Tomcat handles this (probably typical of others): * On the first response in a session, send the session id both ways (cookie and encoding). * If the subsequent request comes back with a cookie, turn of URL rewriting for the remainder of this session. * If the subsequent request comes back without a cookie, keep on rewriting. Craig So, with that having been said, all you have to do is tell all your users to hit refresh whenever they access your site. That way, all external links and images will work. If you find that unacceptable, you could: Move the contents of index.jsp to index2.jsp, then: Put a meta refresh tag as your initial page (index.jsp). META HTTP-EQUIV=refresh content=2;URL=http://www.yoursite.com/index2.jsp; or Add some javascript that sends the user to index2.jsp. (similar to above) or Use logic:redirect or any number of ways in a scriptlet to redirect to index2.jsp On the Struts-Atlanta web site (http://www.struts-atlanta.org), I take a slightly different approach. At the top of my index.jsp, I do this: logic:present parameter=refresh bean:parameter id=refreshed name=refresh/ /logic:present logic:notEqual name=refreshed value=true logic:redirect page=/index.jsp?refresh=true/ /logic:notEqual What this does is refresh the page one time only. This method works for me because I am not posting or processing any forms with this page which would not work correctly if I had. Hope that helps. -- James Mitchell Software Engineer / Struts Evangelist http://www.struts-atlanta.org 678.910.8017 AIM:jmitchtx - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]