Thanks and I appreciate the caveat about security. The URLs that have a session id in them are all internal URL's that will never be sent over the internet to a client.
Having said that I need JBoss to support both request with the URL in them and requests where the JSESSIONID is stored in a cookie. Will the setting you suggest changing switch between the two methodologies or with TOMCAT do I have to make an either/or choice about where the session id's are store? Thanks, David ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[email protected]> Sent: Tuesday, March 15, 2005 8:42 PM Subject: Re: [Juglist] Session tracking with JBoss behind a PHP site > That JSESSIONID are you putting that in the URL or in a cookie. So if > you put it in a URL its not > secure and can never be secure and I can hack you with ethereal but if > this is local then maybe not a > big deal. You just need to enable url rewriting in tomcat. > > ModRewrite can do cookie mangling, not sure if there is a way to store > the cookie in PHP or something. > > jboss-4.0.1/server/default/deploy/jbossweb-tomcat50.sar/server.xml > > <DefaultContext cookies="true" crossContext="true" > override="true"/> > > make it say > > > <DefaultContext cookies="false" crossContext="true" > override="true"/> > > However don't say I didn't warn you. > > David Cooper wrote: > > >I have a site built with PHP 4.3 that sends requests to a JBoss j2ee > >application using either the include() or the virtual() functions from php > >land. Each request from a .php file seems to get a new http session in the > >JBoss 4.x server. > > > >I thought if I passed the JSESSSIONID in on an http request that would hook > >up the request from the PHP engine to the session in the JBoss domain. It > >simply doesn't seem to work. Even with the JSESSIONID set on each request > >there seems to be a new session created for each request from a .php file. > > > >If I know the session id shouldn't I be able to communicate to JBoss which > >session to use as the context for my request? > > > >Thanks, > >David Cooper > > > > > >----- Original Message ----- > >From: "Richard O. Hammer" <[EMAIL PROTECTED]> > >To: "Research Triangle Java User's Group mailing list." <[email protected]> > >Sent: Sunday, March 13, 2005 10:36 PM > >Subject: Re: [Juglist] website > > > > > > > > > >>[EMAIL PROTECTED] wrote: > >> > >> > >>>anyone know what is up with the website lately? it seems to be down a > >>> > >>> > >lot. > > > > > >>During the last few months, I have noticed that I often get server > >>errors when accessing the TriJUG.org website. These errors seem to > >>occur at random, unpredictable times, and seem to happen for any page > >>requested in the whole site. But I always succeed eventually when I try > >>again later, after a minute or five minutes. I guess it is something > >>happening on the server, unrelated to the content or programming of our > >>website. > >> > >>Rich Hammer > >> > >>_______________________________________________ > >>Juglist mailing list > >>[email protected] > >>http://trijug.org/mailman/listinfo/juglist_trijug.org > >> > >> > >> > > > > > >_______________________________________________ > >Juglist mailing list > >[email protected] > >http://trijug.org/mailman/listinfo/juglist_trijug.org > >. > > > > > > > > > _______________________________________________ > Juglist mailing list > [email protected] > http://trijug.org/mailman/listinfo/juglist_trijug.org > _______________________________________________ Juglist mailing list [email protected] http://trijug.org/mailman/listinfo/juglist_trijug.org
