First of all your servlet engine must support URL rewriting if cookies are
disabled.
For example: Apache with Tomcat 3.1b does not support URL rewriting.
If your server supports URL rewriting, use
response.encodeURL and
response.encodeRedirectURL
for all the links on your page to store the sessionid explicitly in the URL.
Gunjan
> ----------
> From: Hussain Shah[SMTP:[EMAIL PROTECTED]]
> Reply To: A mailing list about Java Server Pages specification and
> reference
> Sent: Wednesday, August 16, 2000 7:37 AM
> To: [EMAIL PROTECTED]
> Subject: Re: url rewriting for sessions
>
> Marco,
>
> Didi you find a solution for this, if so, care to share it with the rest
> of us?
>
>
>
>
>
> Marco M <[EMAIL PROTECTED]> on 08/16/2000 12:13:14 PM
>
> Please respond to A mailing list about Java Server Pages specification and
> reference <[EMAIL PROTECTED]>
>
> To: [EMAIL PROTECTED]
> cc: (bcc: Shaheen Hussain/AMS/AMSINC)
>
> Subject: Re: url rewriting for sessions
>
>
>
> hi
> please discard my previous message
> regards
> marco
>
> > -----Original Message-----
> > From: EXT Marco M [mailto:[EMAIL PROTECTED]]
> > Sent: 16. August 2000 12:19
> > To: [EMAIL PROTECTED]
> > Subject: Re: url rewriting for sessions
> >
> >
> > hi Hendrik,
> > thanx for the reply
> > but the problem now is that i don't know what to do with the id of the
> > session
> > since the interface HttpSessionContext is deprecated
> > so..i have to go back and forth from JSP to servlet.. and
> > store all the
> > session (with relative ids) in an Hashtable in the Servlet
> > do u have any other possible solutions??
> > thanx in advance & regards
> > marco
> >
> > > -----Original Message-----
> > > From: EXT Hendrik Schreiber [mailto:[EMAIL PROTECTED]]
> > > Sent: 16. August 2000 11:59
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: url rewriting for sessions
> > >
> > >
> > > Hi!
> > >
> > > URL rewriting means that a URL in a page, that your JSP or
> > > servlets produces, is
> > > encoded with the method response.encodeURL(String yourURL).
> > >
> > > So in a JSP instead of writing:
> > > <a href="someURL">target</a>
> > >
> > > you should write:
> > > <a href="<%=response.encodeURL("someURL")%>">target</a>
> > >
> > > pretty much the same applies to servlets.
> > >
> > > And that is exactly the limitation: you have to rewrite every
> > > single URL you
> > > produce!
> > > The session id is sent back from the client to the server by
> > > clicking on the
> > > encoded link.
> > > Contrary to Cookies, URL rewriting does not make use of headers.
> > >
> > > If you want to make sure everybody out there shall be able to
> > > use your application,
> > > use URL rewriting where necessary (see
> > > request.isRequestedSessionIdFromURL() and
> > > request.isRequestedSessionIdFromCookie()).
> > >
> > > If you don't want to go through the hassle, just use cookies
> > > and tell you users to
> > > accept them. IMHO they are absolutely no scurity risk.
> > >
> > > -hendrik
> > > - - - - - - - - - - - - - - - - - - - - - - - - - - -
> > > tagtraum industries http://www.tagtraum.com/
> > > jo! small&smart 2.2 servletengine
> > > Java Server & Servlets The web-application book
> > > The WebApp Framework http://www.webapp.de/
> > >
> > >
> > >
> > > Joe Hanink wrote:
> > >
> > > > Questions about URL Rewriting:
> > > >
> > > > what exactly is this and how is it done?
> > > > what does the server do, and what is programmed?
> > > >
> > > > i've read that sessions tied to cookies can fail due to
> > client side
> > > > settings. url-rewriting was indicated as the workaround.
> > > >
> > > > do you build an adapted url or is it automated by some setting?
> > > > does the client app pass its session id with every request,
> > > via some header?
> > > >
> > > > finally, what are the limitations of url-rewriting... that
> > > is, what are the
> > > > failure modes (e.g. user clicks back button?)
> > > >
> > > >
> > > ==============================================================
> > > =============
> > > > To unsubscribe: mailto [EMAIL PROTECTED] with body:
> > > "signoff JSP-INTEREST".
> > > > Some relevant FAQs on JSP/Servlets can be found at:
> > > >
> > > > http://java.sun.com/products/jsp/faq.html
> > > > http://www.esperanto.org.nz/jsp/jspfaq.html
> > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> > >
> > > ==============================================================
> > > =============
> > > To unsubscribe: mailto [EMAIL PROTECTED] with body:
> > > "signoff JSP-INTEREST".
> > > Some relevant FAQs on JSP/Servlets can be found at:
> > >
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.html
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
> >
> > ==============================================================
> > =============
> > To unsubscribe: mailto [EMAIL PROTECTED] with body:
> > "signoff JSP-INTEREST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
> ==========================================================================
> =
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
> ==========================================================================
> =
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
